Information on source package undertow

Available versions

Release | Version
stretch (security) | 1.4.8-1+deb9u1
buster | 1.4.25-1
sid | 1.4.25-1

Open issues

Bug | stretch | buster | sid | Description
CVE-2018-1114 | vulnerable (no DSA) | fixed | fixed | File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service
CVE-2018-1067 | vulnerable (no DSA) | fixed | fixed | In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the ...
CVE-2018-1048 | vulnerable (no DSA) | fixed | fixed | It was found that the AJP connector in undertow, as shipped in Jboss ...
CVE-2017-7559 | vulnerable (no DSA) | fixed | fixed | In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and ...
CVE-2017-12196 | vulnerable (no DSA) | fixed | fixed | undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was ...
CVE-2017-12165 | vulnerable (no DSA) | vulnerable | vulnerable | improper whitespace parsing leading to potential HTTP request smuggling

Resolved issues

Bug | Description
CVE-2017-2670 |
CVE-2017-2666 |
CVE-2016-7046 | Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating ...
CVE-2016-4993 | CRLF injection vulnerability in the Undertow web server in WildFly ...
CVE-2014-7816 | Directory traversal vulnerability in JBoss Undertow 1.0.x before ...

Security announcements

DSA / DLA | Description
DSA-3906-1 | undertow - security update
