Headline
CVE-2020-10719: invalid HTTP request with large chunk size
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
Description msiddiqu 2020-04-27 18:16:13 UTC
A vulnerability was found in Undertow, where parsing invalid http request may cause http request smuggling.
Comment 2 msiddiqu 2020-04-28 08:30:39 UTC
Acknowledgments:
Name: ZeddYu
Comment 9 errata-xmlrpc 2020-05-11 20:10:59 UTC
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6
Via RHSA-2020:2058 https://access.redhat.com/errata/RHSA-2020:2058
Comment 10 errata-xmlrpc 2020-05-11 20:14:03 UTC
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7
Via RHSA-2020:2059 https://access.redhat.com/errata/RHSA-2020:2059
Comment 11 errata-xmlrpc 2020-05-11 20:17:01 UTC
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8
Via RHSA-2020:2060 https://access.redhat.com/errata/RHSA-2020:2060
Comment 12 errata-xmlrpc 2020-05-11 20:20:17 UTC
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform
Via RHSA-2020:2061 https://access.redhat.com/errata/RHSA-2020:2061
Comment 13 Product Security DevOps Team 2020-05-12 10:33:33 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-10719
Comment 15 errata-xmlrpc 2020-06-10 19:06:24 UTC
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6
Via RHSA-2020:2511 https://access.redhat.com/errata/RHSA-2020:2511
Comment 16 errata-xmlrpc 2020-06-10 19:24:42 UTC
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform
Via RHSA-2020:2515 https://access.redhat.com/errata/RHSA-2020:2515
Comment 17 errata-xmlrpc 2020-06-11 07:09:51 UTC
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8
Via RHSA-2020:2513 https://access.redhat.com/errata/RHSA-2020:2513
Comment 18 errata-xmlrpc 2020-06-11 07:17:56 UTC
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7
Via RHSA-2020:2512 https://access.redhat.com/errata/RHSA-2020:2512
Comment 20 errata-xmlrpc 2020-07-02 13:21:46 UTC
This issue has been addressed in the following products:
Red Hat Single Sign-On 7.4.1
Via RHSA-2020:2813 https://access.redhat.com/errata/RHSA-2020:2813
Comment 21 errata-xmlrpc 2020-07-23 07:04:53 UTC
This issue has been addressed in the following products:
Red Hat Openshift Application Runtimes
Via RHSA-2020:2905 https://access.redhat.com/errata/RHSA-2020:2905
Comment 22 errata-xmlrpc 2020-08-31 15:41:12 UTC
This issue has been addressed in the following products:
EAP-CD 20 Tech Preview
Via RHSA-2020:3585 https://access.redhat.com/errata/RHSA-2020:3585
Comment 24 errata-xmlrpc 2021-08-11 18:23:04 UTC
This issue has been addressed in the following products:
Red Hat Fuse 7.9
Via RHSA-2021:3140 https://access.redhat.com/errata/RHSA-2021:3140