CVE-2017-12165

Опубликовано: 27 июл. 2018

Источник: debian

EPSS Низкий

Описание

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
undertow	fixed	2.0.23-1		package

Примечания

https://bugzilla.redhat.com/show_bug.cgi?id=1490301
Fix likely included in the same commit as the fix for CVE-2017-7559
https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2

EPSS

Процентиль: 78%

0.01096

Низкий

Связанные уязвимости

CVE-2017-12165

CVSS3: 2.6

ubuntu

больше 7 лет назад

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

CVE-2017-12165

CVSS3: 2.6

redhat

около 8 лет назад

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

CVE-2017-12165

CVSS3: 2.6

nvd

больше 7 лет назад

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

GHSA-5gg7-5wv8-4gcj

CVSS3: 7.5

github

больше 3 лет назад

Undertow Request Smuggling vulnerability

EPSS

Процентиль: 78%

0.01096

Низкий