CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27782

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.8%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 7.8

References

Products affected by CVE-2020-27782

Redhat » Jboss Fuse » Version: 6.0.0

cpe:2.3:a:redhat:jboss_fuse:6.0.0
Redhat » Jboss Fuse » Version: 7.0.0

cpe:2.3:a:redhat:jboss_fuse:7.0.0
Redhat » Openshift Application Runtimes » Version: N/A

cpe:2.3:a:redhat:openshift_application_runtimes:-
Redhat » Undertow » Version: 2.0.33

cpe:2.3:a:redhat:undertow:2.0.33
Redhat » Undertow » Version: 2.1.5

cpe:2.3:a:redhat:undertow:2.1.5
Redhat » Undertow » Version: 2.2.3

cpe:2.3:a:redhat:undertow:2.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27782

Products

Pricing

Contact Us