Switch to version specified in last column
|io.undertow : undertow-core : 1.4.25.Final
|Description from CVE Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. Explanation
The undertow-core package is vulnerable to Information Exposure. The getHostAndPort() method in the HttpServerExchange class exposes an internal IP address via the Location header during a 302 redirect if the host header field is not set. A remote attacker can exploit this issue by submitting a GET request that results in a 302 redirect response. The attacker can leverage this vulnerability to exfiltrate an internal IP address that can potentially be used for further attacks.
|Switch to 2.0.17.Final
|Version updated to adhere Dublin Release compliance