satyamchaurasiapersistent / JavaVulnerableLab

lab
0 stars 0 forks source link

CX: CVE-2020-27782 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.master #165

Open satyamchaurasiapersistent opened 1 year ago

satyamchaurasiapersistent commented 1 year ago

Description

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow before 2.2.4.

HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch master

Vulnerability ID: CVE-2020-27782

Package Name: io.undertow:undertow-core

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2021-02-23T19:15:00

Current Package Version: 2.0.9.Final

Remediation Upgrade Recommendation: 2.2.26.Final

Link To SCA

Reference – NVD link

satyamchaurasiapersistent commented 1 year ago

Issue still exists.