Loading...

XML

Word

Printable

Type: Vulnerability
Resolution: Done-Errata
Priority: Major
Fix Version/s: 8.1 Update 3 CR4, 8.1 Update 3
Affects Version/s: 8.1.0.GA
Component/s: Undertow
Labels:

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

8.1.0.GA
Git Pull Request:
https://github.com/jbossas/jboss-eap8/pull/654, https://gitlab.cee.redhat.com/undertow-io/undertow/-/merge_requests/173
Intelligence Requested:
Market:
Source:
Researcher
CVE ID:
CVE-2025-12543
CVSS Score:
9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
CWE ID:
CWE-20
Downstream Component Name:
undertow-core
Upstream Affected Component:
undertow-core
Embargo Status:
False

Severity:
Important

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Security Tracking Issue

Do not make this issue public.

Flaw:

Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

An Improper Input Validation vulnerability exists in the Undertow HTTP server (io.undertow:undertow-core) where the implementation does not return a 400 Bad Request response when receiving requests with invalid or malformed Host headers. The flaw can be exploited by remote attackers via specially crafted HTTP requests. Depending on the deployment, the issue enables web cache poisoning, session hijacking, or server-side request forgery (SSRF). Attackers may inject malicious responses into caches, steal authentication tokens, or redirect users to malicious endpoints. Successful exploitation can result in complete account takeover, widespread credential theft, or unauthorized access to internal network resources, thereby compromising confidentiality and integrity of user data.

~~~

The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams

Tracker accuracy feedback form: https://docs.google.com/forms/d/e/1FAIpQLSfa6zTaEGohRdiIqGVAvWTSAL0kpO_DkkEICuIHzQHFwmKswg/viewform

is blocked by

UNDERTOW-2656 CVE-2025-12543 Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

Closed

JBEAP-31345 (8.1.z) Upgrade WildFly Core from 27.1.2.Final-redhat-00002 to 27.1.3.Final-redhat-00001

Closed

is incorporated by

JBEAP-30596 (8.1.z) Upgrade Undertow from 2.3.18.SP1-redhat-00001 to 2.3.20.SP2-redhat-00001

Closed

JBEAP-31380 [GSS](8.1.z) Upgrade JBoss EAP to 8.1.1.GA-redhat-00007 in 8.1 Update 3

Closed

links to

RHSA-2025:155585 Red Hat JBoss Enterprise Application Platform 8.1.3 security update

RHSA-2025:155586 Red Hat JBoss Enterprise Application Platform 8.1.3 security update

RHSA-2025:155588 Red Hat JBoss Enterprise Application Platform 8.1.3 security update

(2 links to)

Assignee:: Bartosz Baranowski

Reporter:: Abhishek Raj

Contributors:: Alessio Soldano, Bartosz Baranowski, Brad Maxwell, Brian Stansberry, Bruno Oliveira da Silva, Darran Lofthouse, Farah Juma, Flavia Rainone, Ilia Vassilev, Ingo Weiss, Ivo Studensky, Martin Svehla, Michaela Osmerova, Neil Wallace, Paramvir Jindal, Pedro Silva, Peter Mackay, Petr Adamec, Petr Beran, Radovan Stancel, Richard Opalka, Roman Stepaniuk, Stefano Maestri, Tom Jenkinson, Vladimir Dosoudil

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Due:: 2026/02/05

Created:: 2025/10/31 7:36 AM

Updated:: 2026/03/04 5:08 PM

Resolved:: 2026/01/08 4:54 PM

Target start:: 2026/01/08

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates