Описание
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Fuse 7 | undertow | Not affected | ||
| Red Hat JBoss Data Grid 7 | wildfly-undertow | Not affected | ||
| Red Hat JBoss Fuse 6 | undertow | Not affected | ||
| Red Hat Single Sign-On 7 | wildfly-undertow | Not affected | ||
| Red Hat Virtualization 4 | eap7-undertow | Affected | ||
| Red Hat JBoss A-MQ 6.3 | Fixed | RHSA-2018:1322 | 03.05.2018 | |
| Red Hat JBoss EAP 7 | Fixed | RHSA-2017:3456 | 13.12.2017 | |
| Red Hat JBoss EAP 7 | undertow | Fixed | RHSA-2018:0003 | 03.01.2018 |
| Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | eap7-activemq-artemis | Fixed | RHSA-2018:0002 | 03.01.2018 |
| Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | eap7-hibernate | Fixed | RHSA-2018:0002 | 03.01.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.6 Low
CVSS3
Связанные уязвимости
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 proces ...
EPSS
2.6 Low
CVSS3