Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2022/05/13 1:36 a.m.37 views

Undertow vulnerable to Request Smuggling

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...

6.1CVSS1.9AI score0.01655EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2018/01/10 3:29 p.m.37 views

CVE-2017-7559

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...

6.1CVSS6.6AI score0.01655EPSS
Exploits0References1
Prion
Prion
added 2018/01/10 3:29 p.m.52 views

Design/Logic Flaw

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...

5.8CVSS5.9AI score0.02712EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2018/01/10 3:0 p.m.53 views

CVE-2017-7559

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...

6.1CVSS6.3AI score0.01655EPSS
Exploits0
Rows per page
Query Builder