CVE-2017-12165

Summary

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

Affected Software

VendorProductVersion RangeStatus
Red Hatundertow1.4.17affected
Red Hatundertow1.3.31affected
Red Hatundertow2.0.0affected

Weaknesses

  • CWE-444: CWE-444

ADP Enrichment

CVE Program Container

Additional References

References