Not a user yet?
Log in Register for free Suggest a product
Update

USN-8144-1: Undertow vulnerability

Ubuntu ServerUbuntu Server
Canonical

USN-8144-1: Undertow vulnerability

Publication date: 2 April 2026
Overview: Undertow would allow unintended access to user sessions over the network.

Packages
undertow - Java web server based on non-blocking IO

Details
It was discovered that Undertow incorrectly validated the Host header in
incoming HTTP requests. A remote attacker could possibly use this issue
to gain unintended access to user sessions.

Update instructions
The problem can be corrected by updating your system to the following package versions:

  • 24.04 LTS noble libundertow-java – 2.3.8-2ubuntu0.1~esm1
  • 22.04 LTS jammy libundertow-java – 2.2.16-1ubuntu0.1~esm1
  • 20.04 LTS focal libundertow-java – 2.0.29-1ubuntu0.1~esm1
  • 18.04 LTS bionic libundertow-java – 1.4.23-3ubuntu0.1~esm1
  • 16.04 LTS xenial libundertow-java – 1.3.16-1ubuntu0.1~esm1
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad