CVE-2017-2666 — HTTP Request Smuggling in Redhat Undertow

CWE-444 — HTTP Request Smuggling34 documents8 sources

Severity

6.5MEDIUMNVD

NVD6.1NVD4.8

EPSS

1.4%

top 19.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Undertow RED HAT INC Undertow Debian Linux +1 more

Timeline

PublishedJul 27

Latest updateMay 13

Description

It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages5 packages

▶NVDredhat/undertow2.1.0 — 2.1.6+5

▶Debianredhat/undertow< 2.2.0-1+2

▶CVEListV5redhat/undertowUndertow 2.2.0.Final, Undertow 2.2.0.Final, Undertow 2.1.6.Final, Undertow 2.0.34.Final+1

▶CVEListV5red_hat_inc/undertow1.3.x before 1.3.31.Final, 1.4.x before 1.4.17.Final, 2.x before 2.0.0.Alpha2+2

▶NVDredhat/jboss_enterprise_application_platform5 versions+4

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

GHSA

Undertow vulnerable to Request Smuggling↗2022-05-13

▶

OSV

Undertow vulnerable to Request Smuggling↗2022-05-13

▶

OSV

HTTP request smuggling in Undertow↗2021-06-16

▶

GHSA

HTTP request smuggling in Undertow↗2021-06-16

▶

OSV

HTTP Request Smuggling in Undertow↗2021-04-30

▶

📋Vendor Advisories

Red Hat

undertow: Possible regression in fix for CVE-2020-10687↗2021-02-04

▶

Debian

CVE-2021-20220: undertow - A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was fou...↗2021

▶

Red Hat

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests↗2020-04-15

▶

Debian

CVE-2020-10687: undertow - A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, w...↗2020

▶

Red Hat

undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)↗2017-12-13

▶

📐Framework References

CAPEC

HTTP Response Smuggling

▶

💬Community

Bugzilla

CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests↗2019-12-19

▶

Bugzilla

CVE-2017-2666 undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests [fedora-all]↗2017-08-15

▶

Bugzilla

CVE-2017-7559 undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)↗2017-08-15

▶

Bugzilla

CVE-2017-2670 undertow: IO thread DoS via unclean Websocket closing↗2017-04-04

▶

Bugzilla

CVE-2017-2666 undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests↗2017-03-27

▶