ghsa-5gg7-5wv8-4gcj
Vulnerability from github
Published
2022-05-13 01:38
Modified
2024-03-20 14:32
Severity
Summary
Undertow Request Smuggling vulnerability
Details
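It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes HTTP request headers containing unusual whitespace, which can allow HTTP request smuggling. The structured record below gives the fixed versions as 1.3.31, 1.4.17 and 2.0.0.Beta1 and classifies the issue as CWE-444 (inconsistent interpretation of HTTP requests). The exposure arises when a front-end proxy and Undertow parse the same header differently, so deployments behind a proxy or load balancer should upgrade to a fixed release.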
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "io.undertow:undertow-core" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.3.31" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "io.undertow:undertow-core" }, "ranges": [ { "events": [ { "introduced": "1.4.0" }, { "fixed": "1.4.17" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "io.undertow:undertow-core" }, "ranges": [ { "events": [ { "introduced": "2.0.0.Alpha1" }, { "fixed": "2.0.0.Beta1" } ], "type": "ECOSYSTEM" } ], "versions": [ "2.0.0.Alpha1" ] } ], "aliases": [ "CVE-2017-12165" ], "database_specific": { "cwe_ids": [ "CWE-444" ], "github_reviewed": true, "github_reviewed_at": "2022-11-08T12:39:25Z", "nvd_published_at": "2018-07-27T15:29:00Z", "severity": "HIGH" }, "details": "It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.", "id": "GHSA-5gg7-5wv8-4gcj", "modified": "2024-03-20T14:32:43Z", "published": "2022-05-13T01:38:14Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12165" }, { "type": "WEB", "url": "https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f" }, { "type": "WEB", "url": "https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f" }, { "type": "WEB", "url": "https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165" }, { "type": "PACKAGE", "url": "https://github.com/undertow-io/undertow" }, { "type": "WEB", "url": "https://issues.redhat.com/browse/UNDERTOW-1251" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ], "summary": "Undertow Request Smuggling vulnerability" }