CNNVD-202601-1205 Information

CNNVD ID

CNNVD-202601-1205

Related CVE

CVE-2025-12543

• CNNVD Published: 2026-01-07

Description (Chinese)

Red Hat Undertow是美国红帽（Red Hat）公司的一款基于Java的嵌入式Web服务器，是Wildfly（Java应用服务器）默认的Web服务器。 Red Hat Undertow存在安全漏洞，该漏洞源于未正确验证Host标头，可能导致缓存投毒、内部网络扫描或会话劫持。

Description (English)

Red Hat Undertow, an embedded Web server based on Java, is the default Web server for Wildfly (Java application server). Red Hat Undertow had a security loophole, which stemmed from an incorrect validation of the Host marker, which could lead to a cache of poisoning, an internal network scan or a session hijacking.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

红帽

Published

2026-01-07

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/CVE-2025-12543 https://bugzilla.redhat.com/show_bug.cgi?id=2408784