Lucene search

K
redhatcveRedhat.comRH:CVE-2017-7559
HistoryNov 01, 2019 - 9:48 a.m.

CVE-2017-7559

2019-11-0109:48:00
redhat.com
access.redhat.com
10

0.006 Low

EPSS

Percentile

78.4%

It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.