Undertow Request Smuggling Vulnerability via Header Block Terminator

Vulnerability

A request smuggling vulnerability has been identified in Undertow. Undertow's HTTP/1 parser accepts `\r\r\r` as the end of the header block, whereas HTTP/1.1 (RFC 9112) ends the header block only with an empty line, i.e. `\r\n\r\n`, and forbids a bare CR inside header fields. A proxy that does not recognise `\r\r\r` as a terminator forwards the bytes that follow it as part of the same request, while Undertow parses those bytes as the start of a new request. Proxies known to forward such input include older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer. Because the proxy and Undertow disagree about where one request ends and the next begins, a remote attacker can exploit this desynchronisation to smuggle a request that the proxy never sees as a request of its own.

Impact

Exploitation of this vulnerability enables HTTP request smuggling: the attacker appends a second request that the proxy treats as part of the first, so that any access control, authentication or filtering the proxy applies per request is bypassed for the smuggled request. This can give unauthorized access to endpoints that the proxy was meant to protect, and, where a cache sits in the path, the back end's response to the smuggled request can be stored under the URL of the outer request, poisoning the cache for other users.

Remediation

To mitigate this vulnerability, configure any proxy in front of Undertow to validate how header blocks are terminated. A proxy should reject, or normalise, any header line that contains a bare CR (a CR not followed by LF); RFC 9112 section 2.2 requires a recipient either to treat such a field as invalid or to replace each bare CR with a space before processing. In particular, a proxy must never forward `\r\r\r` to Undertow unchanged. This ensures that only properly formed HTTP requests reach the server, so both sides agree on where each request ends. Note that this is a compensating control at the proxy; the lenient parsing itself lives in Undertow, so any proxy that passes bare CR through in header lines should be treated as exposing an Undertow back end.
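The desynchronisation described in the Vulnerability section, and the proxy-side check from the Remediation section, as an added worked example. This is example code written for this page, not Undertow's parser or any proxy's code. It uses two deliberately simplified HTTP/1 parsers: a strict one that ends headers only at `\r\n\r\n` (standing in for a forwarding proxy) and a lenient one that additionally accepts `\r\r\r` (a model of the behaviour the advisory attributes to Undertow; the exact parsing rules of the real implementation are not reproduced). The request bytes, host name and paths are constructed for the demonstration.

```python
"""Model of the \\r\\r\\r header-terminator desync and a proxy-side bare-CR check.

Constructed example, not Undertow's or any proxy's code. The lenient
terminator list is an assumption that models the advisory's description.
"""
import re

STRICT_TERMINATORS = (b"\r\n\r\n",)                 # what RFC 9112 allows
LENIENT_TERMINATORS = (b"\r\n\r\n", b"\r\r\r")      # assumption: modelled Undertow behaviour
BARE_CR = re.compile(rb"\r(?!\n)")                   # CR not followed by LF


def split_headers(stream, terminators):
    """Split at the earliest occurrence of any terminator; None if no terminator is present."""
    best = None
    for term in terminators:
        idx = stream.find(term)
        if idx != -1 and (best is None or idx < best[0]):
            best = (idx, term)
    if best is None:
        return None
    idx, term = best
    return stream[:idx], stream[idx + len(term):]


def parse_request(stream, terminators):
    """Parse one request into request line, header list, body and leftover bytes."""
    split = split_headers(stream, terminators)
    if split is None:
        return None
    head, rest = split
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip().decode("latin-1").lower(), value.strip()))
    length = 0
    for name, value in headers:
        if name == "content-length":
            length = int(value.decode("latin-1"))
            break
    return {
        "line": lines[0].decode("latin-1"),
        "headers": headers,
        "body": rest[:length],
        "leftover": rest[length:],
    }


def parse_all(stream, terminators):
    """Parse every request a parser sees on one connection's byte stream."""
    requests = []
    while stream:
        req = parse_request(stream, terminators)
        if req is None:
            break
        requests.append(req)
        stream = req["leftover"]
    return requests


def bare_cr_positions(stream):
    """Offsets of bare CR bytes inside the header block as a strict parser delimits it."""
    split = split_headers(stream, STRICT_TERMINATORS)
    if split is None:
        return []
    return [m.start() for m in BARE_CR.finditer(split[0])]


def normalize_bare_cr(stream):
    """RFC 9112 2.2 fallback: replace each bare CR in the header block with SP, leave the body alone."""
    split = split_headers(stream, STRICT_TERMINATORS)
    if split is None:
        return stream
    head, rest = split
    return BARE_CR.sub(b" ", head) + b"\r\n\r\n" + rest


# Constructed attacker request: the proxy sees one POST whose X-Smuggle value
# swallows "GET /admin ..."; the lenient back end ends headers at \r\r\r and
# treats the rest as a second request.
ATTACK = (
    b"POST /api HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Length: 0\r\n"
    b"X-Smuggle: a\r\r\r"
    b"GET /admin HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    proxy_view = [r["line"] for r in parse_all(ATTACK, STRICT_TERMINATORS)]
    backend_view = [r["line"] for r in parse_all(ATTACK, LENIENT_TERMINATORS)]
    print("proxy sees:  ", proxy_view)
    print("backend sees:", backend_view)
    print("bare CR at:  ", bare_cr_positions(ATTACK))
    fixed = normalize_bare_cr(ATTACK)
    print("after normalisation backend sees:", [r["line"] for r in parse_all(fixed, LENIENT_TERMINATORS)])
```

Run stand-alone, the script shows the proxy parsing a single `POST /api` while the lenient back end parses `POST /api` followed by `GET /admin`; after `normalize_bare_cr` the three CRs become spaces and both sides see one request. A proxy that prefers rejecting over normalising can simply refuse any request for which `bare_cr_positions` is non-empty.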

Added: Mar 27, 2026, 5:39 PM
Updated: Mar 27, 2026, 5:39 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 1.3
exploitability: 6.6
remediation: 7.9
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.