Known Vulnerabilities for Undertow by Redhat
Listed below are 10 of the newest known vulnerabilities associated with "Undertow" by "Redhat".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-28369 json | A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spac... | Not Provided | 2026-03-27 | 2026-04-01 |
| CVE-2026-28368 json | A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where heade... | Not Provided | 2026-03-27 | 2026-04-01 |
| CVE-2026-28367 json | A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminat... | Not Provided | 2026-03-27 | 2026-04-08 |
| CVE-2026-3260 json | A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing mu... | Not Provided | 2026-03-24 | 2026-03-26 |
| CVE-2024-3884 json | A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinit... | Not Provided | 2025-12-03 | 2026-04-01 |
| CVE-2023-3223 json | A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart c... | 7.5 - HIGH | 2023-09-27 | 2023-11-07 |
| CVE-2023-1108 json | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status u... | 7.5 - HIGH | 2023-09-14 | 2023-11-16 |
| CVE-2022-4492 json | The undertow client is not checking the server identity presented by the server certificate in https connections. This is a c... | 7.5 - HIGH | 2023-02-23 | 2023-03-24 |
| CVE-2022-2764 json | A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB i... | 4.9 - MEDIUM | 2022-09-01 | 2022-11-07 |
| CVE-2022-2053 json | When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRe... | 7.5 - HIGH | 2022-08-05 | 2022-08-11 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Undertow | 7.1.2 | |||
| Application | Redhat | Undertow | 2.2.4 | |||
| Application | Redhat | Undertow | 2.2.3 | |||
| Application | Redhat | Undertow | 2.2.2 | |||
| Application | Redhat | Undertow | 2.2.1 | |||
| Application | Redhat | Undertow | 2.2.0 | |||
| Application | Redhat | Undertow | 2.1.6 | |||
| Application | Redhat | Undertow | 2.1.1 | |||
| Application | Redhat | Undertow | 2.1.0 | |||
| Application | Redhat | Undertow | 2.0.9 | |||
| Application | Redhat | Undertow | 2.0.8 | |||
| Application | Redhat | Undertow | 2.0.7 | |||
| Application | Redhat | Undertow | 2.0.6 | |||
| Application | Redhat | Undertow | 2.0.5 | |||
| Application | Redhat | Undertow | 2.0.4 | |||
| Application | Redhat | Undertow | 2.0.30 | |||
| Application | Redhat | Undertow | 2.0.30 | |||
| Application | Redhat | Undertow | 2.0.30 | |||
| Application | Redhat | Undertow | 2.0.3 | |||
| Application | Redhat | Undertow | 2.0.29 |