HTTP Request Smuggling Vulnerability in Undertow by Red Hat
CVE-2017-12165

2.6LOW

Key Information:

Vendor

Red Hat
Status
Undertow
Vendor
CVE Published:
27 July 2018

What is CVE-2017-12165?

This vulnerability exists in Undertow, where improper handling of HTTP request headers with irregular whitespace could lead to HTTP request smuggling attacks. Attackers may exploit this issue to manipulate request parsing, potentially allowing unauthorized access or other malicious activities. It is crucial to update to the latest versions of Undertow to mitigate these risks.

Affected Version(s)

undertow 1.4.17

undertow 1.3.31

undertow 2.0.0

References

https://access.redhat.com/errata/RHSA-2018:1322
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0002
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3458
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
2.6
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.