ГлавнаяУязвимости → CVE-2025-12543
9.6критическая

CVE-2025-12543

Описание

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

Затрагиваемое ПО
Redhat Build of apache camelRedhat Data gridRedhat FuseRedhat Jboss enterprise application platformRedhat Jboss enterprise application platform expansion packRedhat Process automationRedhat Single sign-onRedhat Undertow
CVSS
Балл9.6 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Источники
https://access.redhat.com/errata/RHSA-2026:0383https://access.redhat.com/errata/RHSA-2026:0384https://access.redhat.com/errata/RHSA-2026:0386https://access.redhat.com/errata/RHSA-2026:33371https://access.redhat.com/errata/RHSA-2026:33372https://access.redhat.com/errata/RHSA-2026:3889https://access.redhat.com/errata/RHSA-2026:3890https://access.redhat.com/errata/RHSA-2026:3891