History: Jul 27, 2018 - 3:00 p.m.

CVE-2017-12165

2018-07-27 15:00:00
CWE-444
redhat
www.cve.org

CVSS3: 2.6

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score: 8.5
Confidence: High

EPSS: 0.005
Percentile: 75.6%

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes HTTP request headers containing unusual whitespace, which can lead to possible HTTP request smuggling.

CNA Affected

[
  {
    "product": "undertow",
    "vendor": "Red Hat",
    "versions": [
      {
        "status": "affected",
        "version": "1.4.17"
      },
      {
        "status": "affected",
        "version": "1.3.31"
      },
      {
        "status": "affected",
        "version": "2.0.0"
      }
    ]
  }
]
