Description
Undertow Request Smuggling vulnerability
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes HTTP request headers with unusual whitespace, which can cause possible HTTP request smuggling.
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-12165
- https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
- https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f
- https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
- https://issues.redhat.com/browse/UNDERTOW-1251
Packages
- io.undertow:undertow-core: affected < 1.3.31; fixed in 1.3.31
- io.undertow:undertow-core: affected >= 1.4.0, < 1.4.17; fixed in 1.4.17
- io.undertow:undertow-core: affected = 2.0.0.Alpha1; fixed in 2.0.0.Beta1