Security News

Cybersecurity news aggregator

🔓
MEDIUM Vulnerabilities Ubuntu Security

USN-8144-1: Undertow vulnerability

cve-2026-1234javaweb-servercve-2025-12543mitre-ta0001
  • What: Undertow web server has a vulnerability allowing unintended session access
  • Impact: Users of Ubuntu and related systems may be at risk
Read Full Article →

Ubuntu Security Notices USN-8144-1 USN-8144-1: Undertow vulnerability Publication date 2 April 2026 Overview Undertow would allow unintended access to user sessions over the network. Releases 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS Open side navigation Close side navigation Packages Details Update instructions References Packages undertow - Java web server based on non-blocking IO Details It was discovered that Undertow incorrectly validated the Host header in incoming HTTP requests. A remote attacker could possibly use this issue to gain unintended access to user sessions. It was discovered that Undertow incorrectly validated the Host header in incoming HTTP requests. A remote attacker could possibly use this issue to gain unintended access to user sessions. Update instructions In general, a standard system update will make all the necessary changes. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 24.04 LTS noble libundertow-java – 2.3.8-2ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. 22.04 LTS jammy libundertow-java – 2.2.16-1ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. 20.04 LTS focal libundertow-java – 2.0.29-1ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. 18.04 LTS bionic libundertow-java – 1.4.23-3ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. 16.04 LTS xenial libundertow-java – 1.3.16-1ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2025-12543 CVE-2025-12543

Related Articles

CRITICAL ⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More The Hacker News HIGH [UPDATE] [mittel] Apache Tomcat: Mehrere Schwachstellen BSI Germany CRITICAL [UPDATE] [hoch] Apache Tomcat: Mehrere Schwachstellen BSI Germany CRITICAL [UPDATE] [hoch] Apache Tomcat: Schwachstelle ermöglicht Codeausführung BSI Germany
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn