CVE-2017-12165
published 2018-07-27
high 7.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes HTTP request headers containing unusual whitespace, which can make HTTP request smuggling possible.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | undertow | < undertow 2.0.23-1 (forky) | undertow 2.0.23-1 (forky) |
| red_hat | undertow | — | — |
| red_hat | undertow | — | — |
| red_hat | undertow | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | undertow | — | — |
| redhat | undertow | >= 0 < 2.0.23-1 | 2.0.23-1 |
| redhat | undertow | >= 1.0.0 < 1.3.31 | 1.3.31 |
| redhat | undertow | >= 1.4.0 < 1.4.17 | 1.4.17 |
CVSS provenance
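| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| osv | | 7.5 | HIGH | |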