CVE-2017-12165
2.6
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Summary
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | undertow | 1.4.17 | affected |
| Red Hat | undertow | 1.3.31 | affected |
| Red Hat | undertow | 2.0.0 | affected |
Weaknesses
- CWE-444: CWE-444
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2018:1322
- https://access.redhat.com/errata/RHSA-2018:0002
- https://access.redhat.com/errata/RHSA-2017:3458
- https://access.redhat.com/errata/RHSA-2018:0004
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
- https://access.redhat.com/errata/RHSA-2017:3455
- https://access.redhat.com/errata/RHSA-2017:3456
- https://access.redhat.com/errata/RHSA-2018:0003
- https://access.redhat.com/errata/RHSA-2018:0005
- https://access.redhat.com/errata/RHSA-2017:3454
References
- https://access.redhat.com/errata/RHSA-2018:1322
- https://access.redhat.com/errata/RHSA-2018:0002
- https://access.redhat.com/errata/RHSA-2017:3458
- https://access.redhat.com/errata/RHSA-2018:0004
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
- https://access.redhat.com/errata/RHSA-2017:3455
- https://access.redhat.com/errata/RHSA-2017:3456
- https://access.redhat.com/errata/RHSA-2018:0003
- https://access.redhat.com/errata/RHSA-2018:0005
- https://access.redhat.com/errata/RHSA-2017:3454
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.