HTTP Request Smuggling Vulnerability in Undertow by Red Hat
CVE-2017-12165
2.6 LOW
Summary
This vulnerability exists in Undertow, where improper handling of HTTP request headers with irregular whitespace could lead to HTTP request smuggling attacks. Attackers may exploit this issue to manipulate request parsing, potentially allowing unauthorized access or other malicious activities. It is crucial to update to the latest versions of Undertow to mitigate these risks.
Affected Version(s)
undertow 1.4.17
undertow 1.3.31
undertow 2.0.0
CVSS V3.1
Score: 2.6
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved