Vulnerability in Undertow Affects Multiple Versions by Red Hat
CVE-2017-7559
6.1 MEDIUM
Summary
In specific versions of Undertow, a flaw exists due to inadequate validation of query string and path parameters. This allows invalid characters to be injected, which can be exploited when a proxy in front of Undertow interprets these characters differently. Such an exploit may lead to data being injected into HTTP responses, enabling attackers to poison web caches, perform cross-site scripting (XSS) attacks, or extract sensitive information from other users' requests.
Affected Version(s)
undertow 2.x before 2.0.0.Alpha2
undertow 1.4.x before 1.4.17.Final
undertow 1.3.x before 1.3.31.Final
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved