CVE-2017-12165

2.6LOW

Key Information:

Vendor: Red Hat
Status: Undertow
Vendor: CVE Published:; 27 July 2018

Summary

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

Affected Version(s)

undertow 1.4.17

undertow 1.3.31

undertow 2.0.0

References

https://access.redhat.com/errata/RHSA-2018:1322

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2018:0002

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2017:3458

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

2.6

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 27, 2018
Vulnerability Reserved
Aug 1, 2017

Collectors

NVD DatabaseMitre Database