Medium severity4.8NVD Advisory· Published Sep 23, 2020· Updated Jun 17, 2026
CVE-2020-10687
CVE-2020-10687
Description
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.undertow:undertow-coreMaven | < 2.2.0.Final | 2.2.0.Final |
Affected products
2- Undertow/Undertowdescription
Patches
Vulnerability mechanics
References
7- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor AdvisoryWEB
- github.com/advisories/GHSA-p9w3-gwc2-cr49ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-10687ghsaADVISORY
- security.netapp.com/advisory/ntap-20220210-0015/nvdThird Party Advisory
- lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3EghsaWEB
- security.netapp.com/advisory/ntap-20220210-0015ghsaWEB
- lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c%40%3Cdev.cxf.apache.org%3Envd
News mentions
0No linked articles in our index yet.