Veracode Vulnerability Database: VERACODE:26341
History: Aug 18, 2020 - 2:03 a.m.

HTTP Request Smuggling

2020-08-18 02:03:52
sca.analysiscenter.veracode.com

EPSS: 0.006

Percentile: 78.4%

wildfly-undertow is vulnerable to HTTP request smuggling. The vulnerability affects both HTTP/1.x and HTTP/2 and stems from an incomplete fix for CVE-2017-2666, which still permits invalid characters in an HTTP request. An attacker is able to poison a web cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
