Undertow Request Smuggling vulnerability

GHSA-5gg7-5wv8-4gcj · CVE-2017-12165

Published May 13, 2022 · Modified Mar 20, 2024

Description

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-12165
WEB https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
WEB https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f
WEB https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc
WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
PACKAGE https://github.com/undertow-io/undertow
WEB https://issues.redhat.com/browse/UNDERTOW-1251

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes