CVE-2021-20220 – A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP r …

23 February 2021

Vuln ID: CVE-2021-20220

Published: 2021-02-23 18:15:13Z

Description: A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.

Source: NVD.NIST.GOV

Date:

23 February 2021

Categorie(s):

NVD

Tag(s):

NVD

Understanding Latrodectus: A Stealthy Cyber Threat23 April 2024
Volkswagen Group’s Systems Hacked: 19,000+ Documents Stolen23 April 2024
CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)23 April 2024
Russian Sandworm Group Hit 20 Ukrainian Energy and Water Sites23 April 2024
Trellix Email Security for Microsoft Office 365 improves email defense23 April 2024