Lucene search
K

33 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-0851

Malware in sbrugna...

5.8CVSS6AI score0.01147EPSS
Exploits0References21
OSV
OSV
added 2021/06/16 5:47 p.m.61 views

GHSA-QJWC-V72V-FQ6R HTTP request smuggling in Undertow

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

4.8CVSS6.2AI score0.01119EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/06/16 5:47 p.m.112 views

HTTP request smuggling in Undertow

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

5.8CVSS2.9AI score0.01119EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/30 5:28 p.m.83 views

HTTP Request Smuggling in Undertow

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

5.8CVSS1.9AI score0.01147EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/04/30 5:28 p.m.64 views

GHSA-P9W3-GWC2-CR49 HTTP Request Smuggling in Undertow

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

4.8CVSS6.2AI score0.01147EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/16 1:19 p.m.5 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
Circl
Circl
added 2021/02/23 8:35 p.m.7 views

CVE-2017-2666

creationtimestamp| type| source ---|---|--- 2021-02-23 20:35:21+00:00| seen| https://t.me/cibsecurity/24005...

6.5CVSS6.1AI score0.02712EPSS
Exploits0References1
Prion
Prion
added 2021/02/23 6:15 p.m.36 views

Design/Logic Flaw

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

5.8CVSS5.8AI score0.02712EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/02/23 5:21 p.m.43 views

CVE-2021-20220

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

6AI score0.01119EPSS
Exploits0References2
Prion
Prion
added 2020/09/23 1:15 p.m.44 views

Design/Logic Flaw

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

5.8CVSS5.8AI score0.02712EPSS
Exploits0References3Affected Software2
RedHat Linux
RedHat Linux
added 2020/09/07 1:5 p.m.1 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
Veracode
Veracode
added 2020/08/18 2:3 a.m.118 views

HTTP Request Smuggling

wildfly-undertow is vulnerable to HTTP request smuggling. The vulnerability exists against HTTP/1.x and HTTP/2 due to an incomplete fix for CVE-2017-2666, permitting invalid characters in an HTTP request. An attacker is able to poison a web-cache, perform an XSS attack, or obtain sensitive...

6.5CVSS1.4AI score0.02712EPSS
Exploits0References28Affected Software29
RedHat Linux
RedHat Linux
added 2020/08/17 1:28 p.m.4 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/11/01 9:48 a.m.36 views

CVE-2017-7559

It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...

6.5CVSS1.9AI score0.02712EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/09/04 12:0 a.m.64 views

RHEL 7 : JBoss Enterprise Application Platform 7.0.6 on Red Hat Enterprise Linux 7 (Moderate) (RHSA-2017:1411)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1411 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

8.1CVSS6.7AI score0.06179EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2018/09/04 12:0 a.m.66 views

RHEL 6 : JBoss Enterprise Application Platform 7.0.6 on Red Hat Enterprise Linux 6 (Moderate) (RHSA-2017:1410)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1410 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

8.1CVSS6.7AI score0.06179EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2018/08/29 12:0 a.m.65 views

RHEL 6 / 7 : eap7-jboss-ec2-eap (RHSA-2017:1412)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1412 advisory. The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services AWS...

8.1CVSS6.6AI score0.06179EPSS
Exploits0References15
OSV
OSV
added 2018/07/27 2:29 p.m.10 views

CVE-2017-2666

It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating t...

6.5CVSS5.6AI score0.02712EPSS
Exploits0References11
CVE
CVE
added 2018/07/27 2:0 p.m.350 views

CVE-2017-2666

CVE-2017-2666 affects Undertow’s HTTP request line parsing, where invalid characters are allowed. This misparsing can be exploited with a proxy that interprets the same request differently, enabling data to be injected into the HTTP response. Practical consequences stated include web-cache poison...

6.5CVSS5.5AI score0.02712EPSS
Exploits0References11Affected Software1
RedHat Linux
RedHat Linux
added 2018/01/03 10:49 a.m.3 views

undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)

It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...

6.5CVSS7.2AI score0.02712EPSS
Exploits0References4
Rows per page
Query Builder