A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:LRed Hat Build Of Apache Camel
APPRedhat< 4.14.4Red Hat Data Grid
APPRedhat8.0Red Hat Fuse
APPRedhat7.0.0Red Hat Jboss Enterprise Application Platform
APPRedhat7.0.08.1.0 – 8.1.3 (bez)8.0 – 8.0.12 (bez)Red Hat Jboss Enterprise Application Platform Expansion Pack
APPRedhatwszystkie wersjeRed Hat Process Automation
APPRedhat7.0Red Hat Single Sign On
APPRedhat7.0Red Hat Undertow
APPRedhat< 2.2.392.3.0 – 2.3.21 (bez)
Related vulnerabilities
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows rem...
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to by...
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerabili...
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0...