
BDU:2022-02206

Published: 07 Jun 2018
Source: fstec
CVSS3: 9.8
CVSS2: 10
EPSS: Low

Description

A vulnerability in the Hypertext Transfer Protocol (HTTP/1.1) implementation of the Eclipse Jetty servlet container stems from flaws in the handling of the Transfer-Encoding and Content-Length headers. Exploitation may allow a remote attacker to send a hidden HTTP request (an HTTP Request Smuggling attack).
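An added example (not part of the BDU record and not Jetty's code): a Python check that a front-end proxy or log pipeline could run over request heads to flag the ambiguous framings this entry concerns, namely repeated Content-Length headers and Content-Length combined with Transfer-Encoding. The sample heads, the host name and all function names are constructed for illustration.

```python
import re

# Constructed sample request heads (headers only, no bodies); not captured traffic.
SAMPLES = {
    "clean": b"POST /a HTTP/1.1\r\nHost: app.example\r\nContent-Length: 11\r\n\r\n",
    "dup_cl": b"POST /a HTTP/1.1\r\nHost: app.example\r\n"
              b"Content-Length: 11\r\nContent-Length: 42\r\n\r\n",
    "cl_te": b"POST /a HTTP/1.1\r\nHost: app.example\r\n"
             b"Content-Length: 11\r\nTransfer-Encoding: chunked\r\n\r\n",
}


def parse_head(raw: bytes):
    """Return (name, value) pairs from a request head, names lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    fields = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            fields.append((name.strip().lower(), value.strip()))
    return fields


def framing_findings(raw: bytes):
    """List the reasons this head is ambiguous about where the body ends."""
    fields = parse_head(raw)
    cl = [v for n, v in fields if n == "content-length"]
    te = [v for n, v in fields if n == "transfer-encoding"]
    findings = []
    if len(cl) > 1:
        findings.append("multiple Content-Length headers")
    if any(not re.fullmatch(r"[0-9]+", v) for v in cl):
        findings.append("Content-Length is not a plain decimal number")
    if cl and te:
        findings.append("Content-Length together with Transfer-Encoding")
    return findings


def body_length_views(raw: bytes):
    """Body size as seen by a parser that keeps the first Content-Length
    versus one that keeps the last; a mismatch means the hops can disagree."""
    cl = [v for n, v in parse_head(raw) if n == "content-length"]
    return (cl[0], cl[-1]) if cl else (None, None)
```

A front end that rejects any request with a non-empty findings list removes the disagreement between hops regardless of which interpretation the back end applies.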

Vendor

Free software community
Oracle Corp.
Eclipse Foundation
IBM Corp.
Apache Software Foundation
HP Inc.

Software name

Debian GNU/Linux
Retail Xstore Payment
Enterprise Manager Base Platform
Oracle Hospitality Guest Access
Jetty
REST Data Services
Cognos Analytics
Oracle Communications Cloud Native Core Policy
BookKeeper
HP Device Manager
Oracle Retail Xstore Point of Service

Software version

9 (Debian GNU/Linux)
3.3 (Retail Xstore Payment)
13.2.0 (Enterprise Manager Base Platform)
13.3.0 (Enterprise Manager Base Platform)
4.2.0 (Oracle Hospitality Guest Access)
4.2.1 (Oracle Hospitality Guest Access)
from 9.3.0 to 9.3.24.v20180605 (Jetty)
from 9.4.0 to 9.4.11.v20180605 (Jetty)
11.2.0.4 (REST Data Services)
12.1.0.2 (REST Data Services)
12.2.0.1 (REST Data Services)
18c (REST Data Services)
11.0 (Cognos Analytics)
11.1 (Cognos Analytics)
1.5.0 (Oracle Communications Cloud Native Core Policy)
up to 9.2.25.v20180606 (Jetty)
4.9.2 (BookKeeper)
up to 8.6.2-00 (HP Device Manager)
7.1 (Oracle Retail Xstore Point of Service)
15.0 (Oracle Retail Xstore Point of Service)
16.0 (Oracle Retail Xstore Point of Service)
17.0 (Oracle Retail Xstore Point of Service)

Software type

Operating system
Application software for information systems
Network tool

Operating systems and hardware platforms

Free software community Debian GNU/Linux 9

Vulnerability severity level

Critical severity (CVSS 2.0 base score is 10)
Critical severity (CVSS 3.0 base score is 9.8)

Possible remediation measures

Follow the recommendations:
For Eclipse Jetty:
https://www.eclipse.org/jetty/security_reports.php
For Debian:
https://www.debian.org/security/2018/dsa-4278
For Oracle:
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
For Apache:
https://lists.apache.org/thread/gg49mcoofz9w3t9rbm7w61ntqg2xqr3l
For HP products:
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbst03953en_us
For IBM products:
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-4/

Vulnerability status

Confirmed by the vendor

Exploit availability

Data is being clarified

Remediation information

Vulnerability fixed

Source links

Identifiers in other vulnerability description systems

EPSS: 0.05006 (percentile: 90%), Low
CVSS3: 9.8 Critical
CVSS2: 10 Critical

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 7 years ago

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

CVSS3: 9.8
redhat
more than 7 years ago

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

CVSS3: 9.8
nvd
more than 7 years ago

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

CVSS3: 9.8
debian
more than 7 years ago

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP ...

CVSS3: 9.8
github
more than 7 years ago

Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
