Control: severity -1 important I am no longer sure undertow is affected. The issue is marked resolved upstream and one of the fixing commits
https://github.com/wildfly/wildfly/pull/10748/files indicates the bug was in WildFly's undertow extension but not in Undertow itself. I keep this bug report open for a little while longer until UNDERTOW-1295 is resolved and we get more information about the vulnerabilities.
Description: OpenPGP digital signature