Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1067

Опубликовано: 25 апр. 2018
Источник: redhat
CVSS3: 5.4
CVSS2: 5.8
EPSS Низкий

Описание

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.

It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5tomcat5Not affected
Red Hat Enterprise Linux 6tomcat6Not affected
Red Hat Enterprise Linux 7tomcatNot affected
Red Hat Enterprise Linux 8pki-deps:10.6/pki-servlet-containerNot affected
Red Hat JBoss BRMS 5jbosswebWill not fix
Red Hat JBoss Data Grid 6jbosswebNot affected
Red Hat JBoss Data Grid 7wildflyNot affected
Red Hat JBoss Enterprise Application Platform 5jbosswebNot affected
Red Hat JBoss Enterprise Application Platform 6jbosswebNot affected
Red Hat JBoss Enterprise Application Platform 7wildflyNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-113
https://bugzilla.redhat.com/show_bug.cgi?id=1550671undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)

EPSS

Процентиль: 70%
0.00626
Низкий

5.4 Medium

CVSS3

5.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2018-1067

CVSS3: 6.1
ubuntu
больше 7 лет назад

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.

nvd логотип

CVE-2018-1067

CVSS3: 6.1
nvd
больше 7 лет назад

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.

debian логотип

CVE-2018-1067

CVSS3: 6.1
debian
больше 7 лет назад

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the ...

github логотип

GHSA-47mp-rq2x-wjf2

CVSS3: 6.1
github
больше 3 лет назад

Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow

EPSS

Процентиль: 70%
0.00626
Низкий

5.4 Medium

CVSS3

5.8 Medium

CVSS2