Two vulnerabilities have been discovered in Undertow, a web server written in Java, which may lead to denial of service or HTTP request smuggling.