7.5

CVE-2017-12165

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatUndertow Version >= 1.0.0 < 1.3.31
RedhatUndertow Version >= 1.4.0 < 1.4.17
RedhatUndertow Version2.0.0 Updatealpha_1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.86% 0.765
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
secalert@redhat.com 2.6 1.2 1.4
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

https://access.redhat.com/errata/RHSA-2018:0002
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0003
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0004
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0005
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3454
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3455
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3456
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3458
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1322
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
Vendor Advisory
Issue Tracking