Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2020/09/07 12:58 p.m.2 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/09/07 12:57 p.m.2 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/28 3:54 p.m.2 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
CNVD
CNVD
added 2020/04/28 12:0 a.m.2 views

Red Hat Undertow Input Validation Error Vulnerability

Red Hat Undertow is a U.S. Red Hat Red Hat, a Java-based embedded Web server, is the default Web server Wildfly Java application server. A security vulnerability exists in Red Hat Undertow that stems from allowing invalid characters in HTTP requests. An attacker could exploit this vulnerability t...

5.8CVSS6.2AI score0.01147EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/06/07 5:22 p.m.6 views

undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
Rows per page
Query Builder