Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-2666
HistoryJul 27, 2018 - 12:00 a.m.

CVE-2017-2666

2018-07-2700:00:00
ubuntu.com
ubuntu.com
14

0.006 Low

EPSS

Percentile

78.2%

It was discovered in Undertow that the code that parsed the HTTP request
line permitted invalid characters. This could be exploited, in conjunction
with a proxy that also permitted the invalid characters but with a
different interpretation, to inject data into the HTTP response. By
manipulating the HTTP response the attacker could poison a web-cache,
perform an XSS attack, or obtain sensitive information from requests other
than their own.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu24.04noarchundertow< anyUNKNOWN
ubuntu16.04noarchundertow< anyUNKNOWN
ubuntu17.04noarchundertow< 1.4.8-1+deb9u1build0.17.04.1UNKNOWN