Where
-Infinity
0

Trending

Last week
Last month
Last year

redhat JBoss Enterprise Application PlatformUndertow: undertow: request smuggling via malformed http request headers

Risk 66
Severity
9.1
First published (updated )
CVE-2026-28369

redhat JBoss Enterprise Application PlatformUndertow: undertow: request smuggling via inconsistent header parsing

Risk 66
Severity
9.1
First published (updated )
CVE-2026-28368

redhat JBoss Enterprise Application PlatformUndertow: undertow: request smuggling via `\r\r\r` as a header block terminator

Risk 66
Severity
9.1
First published (updated )
CVE-2026-28367

redhat Enterprise LinuxUndertow: undertow: denial of service due to premature multipart/form-data parsing in get requests

Risk 43
Severity
7.5
First published (updated )
CVE-2026-3260

redhat JBoss Enterprise Application PlatformUndertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf

Risk 76
Severity
9.6
First published (updated )
CVE-2025-12543
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat JBoss Enterprise Application PlatformUndertow: undertow madeyoureset http/2 ddos vulnerability

Risk 31
Severity
7.5
EPSS
0.61%
First published (updated )
CVE-2025-9784

maven/io.undertow:undertow-coreUndertow: directory traversal vulnerability

Risk 28
Severity
5.3
First published (updated )
CVE-2024-1459

redhat JBoss Enterprise Application PlatformUndertow: ajp request closes connection exceeding maxrequestsize

Risk 31
Severity
7.5
EPSS
0.13%
First published (updated )
CVE-2023-5379

redhat OpenShift Container PlatformUndertow: outofmemoryerror due to @multipartconfig handling

Risk 46
Severity
7.5
First published (updated )
CVE-2023-3223

redhat/eap7-undertowUndertow: infinite loop in sslconduit during close

Risk 46
Severity
7.5
First published (updated )
CVE-2023-1108
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat/eap7-undertowA flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious r…

Risk 45
Severity
7.5
First published (updated )
CVE-2022-2053

redhat/eap7-undertowA flaw was found in Undertow where a potential security issue in flow control handling by browser ov…

Risk 45
Severity
7.5
First published (updated )
CVE-2021-3629

redhat/eap7-activemq-artemisXSS

Risk 36
Severity
4.8
First published (updated )
CVE-2021-20220

redhat/eap7-apache-cxfA vulnerability was found in Undertow, where parsing invalid http request may cause http request smu…

Risk 40
Severity
6.5
First published (updated )
CVE-2020-10719

redhat/eap7-undertowA file read/inclusion vulnerability was found in AJP connector in Undertow. This is enabled with a d…

Risk 89
Severity
9.8
First published (updated )
CVE-2020-1745
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat/eap7-apache-cxfA flaw was discovered in Undertow where certain requests to the "Expect: 100-continue" header may ca…

Risk 45
Severity
7.5
First published (updated )
CVE-2020-10705

redhat/eap7-hal-consoleXSS

Risk 36
Severity
4.8
First published (updated )
CVE-2020-10687

redhat jboss-remotingA flaw was found in Undertow as shipped in Jboss EAP before version 7.2.4. A memory leak in HttpOpen…

Risk 45
Severity
7.5
First published (updated )
CVE-2019-19343

redhat/eap7-apache-cxfA vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the…

Risk 45
Severity
7.5
First published (updated )
CVE-2019-14888

redhat JBoss Enterprise Application PlatformUndertow DEBUG log for io.undertow.request.security if enabled leaks credentials to log files with l…

Risk 88
Severity
9.8
First published (updated )
CVE-2019-10212
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat JBoss Enterprise Application PlatformAn information leak issue was found in undertow where web apps may have their directory structures p…

Risk 45
Severity
7.5
First published (updated )
CVE-2019-10184

redhat/eap7-apache-commons-codecA vulnerability was found in Undertow web server. An information exposure of plain text credentials …

Risk 88
Severity
9.8
First published (updated )
CVE-2019-3888

redhat/eap7-apache-cxfInput Validation, Infoleak

Risk 62
Severity
8.1
First published (updated )
CVE-2020-1757

redhat/eap7-activemq-artemisInfoleak

Risk 33
Severity
5.3
First published (updated )
CVE-2018-14642

redhat VirtualizationIt was found that URLResource.getLastModified() in Undertow closes the file descriptors only when th…

Risk 38
Severity
6.5
First published (updated )
CVE-2018-1114
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat undertowCRLF Injection

Risk 38
Severity
6.1
First published (updated )
CVE-2018-1067

redhat/undertowWhen using a "Digest" authentication, server does not ensure that value of the "uri" attribute in "A…

Risk 36
Severity
5.9
First published (updated )
CVE-2017-12196

redhat/eap7-activemq-artemisIt was discovered that Undertow processes http request headers with unusual whitespaces which can ca…

Risk 45
Severity
7.5
First published (updated )
CVE-2017-12165

redhat/eap7-activemq-artemisXSS

Risk 41
Severity
6.5
First published (updated )
CVE-2017-7559

redhat/eap7-activemq-artemisXSS

Risk 41
Severity
6.5
First published (updated )
CVE-2017-2666
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203