漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Undertow: undertow: request smuggling via inconsistent header parsing
Vulnerability Description
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
Undertow 环境问题漏洞
Vulnerability Description
Undertow是美国Undertow公司的一个Web服务器。 Undertow存在环境问题漏洞,该漏洞源于远程攻击者可构造特制请求导致标头解析差异,可能导致请求夹带攻击。
CVSS Information
N/A
Vulnerability Type
N/A