Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Web Server

Undertow

Undertow is a flexible performant web server written in java providing both blocking and non-blocking APIs based on NIO.rnrnUndertow has a composition based architecture that allows you to build a web server by combining small single purpose handlers. The gives you the flexibility to choose between a full Java EE servlet 4.0 container or a low level non-blocking handler to anything in between.

Official Site:

http://undertow.io/

Severity Summary:

Critical: 4 High: 15 Medium: 9
Reference
Title
Severity
CVE-2020-1745
Undertow Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Critical
CVE-2019-10212
Undertow Insertion of Sensitive Information into Log File Vulnerability
Critical
CVE-2019-3888
Undertow Insertion of Sensitive Information into Log File Vulnerability
Critical
CVE-2022-4492
Undertow Vulnerability
Critical
CVE-2023-3223
Undertow Vulnerability
High
CVE-2019-10184
Undertow Missing Authorization Vulnerability
High
CVE-2021-3629
Undertow Uncontrolled Resource Consumption Vulnerability
High
CVE-2019-19343
Undertow Uncontrolled Resource Consumption Vulnerability
High
CVE-2022-1319
Undertow Unchecked Return Value Vulnerability
High
CVE-2020-10705
Undertow Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability
High
CVE-2017-12165
Undertow Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability
High
CVE-2020-1757
Undertow Improper Input Validation Vulnerability
High
CVE-2019-14888
Undertow Uncontrolled Resource Consumption Vulnerability
High
CVE-2021-3690
Undertow Uncontrolled Resource Consumption Vulnerability
High
CVE-2022-1259
Undertow Vulnerability
High
CVE-2021-3859
Undertow Exposure of Resource to Wrong Sphere Vulnerability
High
CVE-2017-2670
Undertow Loop with Unreachable Exit Condition (Infinite Loop) Vulnerability
High
CVE-2023-1108
Undertow Loop with Unreachable Exit Condition (Infinite Loop) Vulnerability
High
CVE-2022-2053
Undertow Uncontrolled Resource Consumption Vulnerability
High
CVE-2022-2764
Undertow Vulnerability
Medium
CVE-2020-10687
Undertow Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability
Medium
CVE-2021-3597
Undertow Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability
Medium
CVE-2014-7816
Undertow Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2021-20220
Undertow Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability
Medium
CVE-2017-7559
Undertow Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability
Medium
CVE-2018-1067
Undertow Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting) Vulnerability
Medium
CVE-2020-10719
Undertow Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability
Medium
CVE-2017-12196
Undertow Incorrect Authorization Vulnerability
Medium