Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-12543— Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf

CVSS 9.6 · Critical EPSS 0.05% · P16
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-12543

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat Undertow 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat Undertow是美国红帽(Red Hat)公司的一款基于Java的嵌入式Web服务器,是Wildfly(Java应用服务器)默认的Web服务器。 Red Hat Undertow存在安全漏洞,该漏洞源于未正确验证Host标头,可能导致缓存投毒、内部网络扫描或会话劫持。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
Red HatRed Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11-cpe:/a:redhat:apache_camel_spring_boot:4.14
Red HatRed Hat JBoss Enterprise Application Platform 2.2.39.Final-redhat-00001 ~ * cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 0:2.2.39-1.Final_redhat_00001.1.el7eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 0:7.4.24-4.GA_redhat_00002.1.el7eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 0:2.2.39-1.Final_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 0:7.4.24-4.GA_redhat_00002.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 0:2.2.39-1.Final_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 0:7.4.24-4.GA_redhat_00002.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.0-cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 0:1.83.0-1.redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 0:33.0.0-2.jre_redhat_00003.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 0:4.0.6-1.redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 0:1.0.0-3.redhat_00009.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 0:2.0.2-1.Final_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 0:2.3.23-1.SP3_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 0:1.83.0-1.redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 0:33.0.0-2.jre_redhat_00003.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 0:4.0.6-1.redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 0:1.0.0-3.redhat_00009.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 0:2.0.2-1.Final_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 0:2.3.23-1.SP3_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1-cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:4.0.10-1.redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:1.82.0-1.redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:801.3.0-1.GA_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:1.0.1-3.redhat_00003.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:6.6.36-1.Final_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:4.0.2-1.Final_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:2.5.0-1.redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:2.3.20-2.SP4_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:8.1.3-4.GA_redhat_00006.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:5.0.12-1.Final_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:2.6.6-1.Final_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:8.1.1-4.GA_redhat_00007.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:4.0.10-1.redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:1.82.0-1.redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:801.3.0-1.GA_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:1.0.1-3.redhat_00003.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:6.6.36-1.Final_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:4.0.2-1.Final_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:2.5.0-1.redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:2.3.20-2.SP4_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:8.1.3-4.GA_redhat_00006.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:5.0.12-1.Final_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:2.6.6-1.Final_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:8.1.1-4.GA_redhat_00007.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat build of Apache Camel - HawtIO 4-cpe:/a:redhat:apache_camel_hawtio:4
Red HatRed Hat Data Grid 8-cpe:/a:redhat:jboss_data_grid:8
Red HatRed Hat Enterprise Linux 10-cpe:/o:redhat:enterprise_linux:10
Red HatRed Hat Enterprise Linux 8-cpe:/o:redhat:enterprise_linux:8
Red HatRed Hat Enterprise Linux 8-cpe:/o:redhat:enterprise_linux:8
Red HatRed Hat Enterprise Linux 9-cpe:/o:redhat:enterprise_linux:9
Red HatRed Hat Fuse 7-cpe:/a:redhat:jboss_fuse:7
Red HatRed Hat JBoss Enterprise Application Platform 7-cpe:/a:redhat:jboss_enterprise_application_platform:7
Red HatRed Hat JBoss Enterprise Application Platform Expansion Pack-cpe:/a:redhat:jbosseapxp
Red HatRed Hat Process Automation 7-cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red HatRed Hat Single Sign-On 7-cpe:/a:redhat:red_hat_single_sign_on:7

II. Public POCs for CVE-2025-12543

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-12543

登录查看更多情报信息。

IV. Related Vulnerabilities

Same vendor: Red Hat
Same weakness: CWE-20

V. Comments for CVE-2025-12543

No comments yet

Leave a comment