Lucene search

Veracode Vulnerability DatabaseVERACODE:26344

HistoryAug 18, 2020 - 2:04 a.m.

HTTP Response Splitting

2020-08-1802:04:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

undertow is vulnerable to HTTP response splitting. The vulnerability exists as in EAP, the field-name is not parsed in accordance to RFC7230.

CPENameOperatorVersion
eap7-hibernate-validatoreq6.0.16__1.Final_redhat_00001.1.el7eap
eap7-hibernate-validatoreq5.2.5__1.Final_redhat_1.1.ep7.el7
eap7-hibernate-validatoreq5.2.4__1.Final_redhat_1.1.ep7.el6
eap7-hibernate-validatoreq5.3.5__3.Final_redhat_2.1.ep7.el7
eap7-hibernate-validatoreq5.2.4__1.Final_redhat_1.1.ep7.el7
eap7-hibernate-validatoreq6.0.14__1.Final_redhat_00001.1.el8eap
eap7-hibernate-validatoreq6.0.14__1.Final_redhat_00001.1.el6eap
eap7-hibernate-validatoreq6.0.14__1.Final_redhat_00001.1.el7eap
eap7-hibernate-validatoreq6.0.18__1.Final_redhat_00001.1.el7eap
eap7-hibernate-validatoreq6.0.18__1.Final_redhat_00001.1.el6eap

Name	Operator	Version
eap7-hibernate-validator	eq	6.0.16__1.Final_redhat_00001.1.el7eap
eap7-hibernate-validator	eq	5.2.5__1.Final_redhat_1.1.ep7.el7
eap7-hibernate-validator	eq	5.2.4__1.Final_redhat_1.1.ep7.el6
eap7-hibernate-validator	eq	5.3.5__3.Final_redhat_2.1.ep7.el7
eap7-hibernate-validator	eq	5.2.4__1.Final_redhat_1.1.ep7.el7
eap7-hibernate-validator	eq	6.0.14__1.Final_redhat_00001.1.el8eap
eap7-hibernate-validator	eq	6.0.14__1.Final_redhat_00001.1.el6eap
eap7-hibernate-validator	eq	6.0.14__1.Final_redhat_00001.1.el7eap
eap7-hibernate-validator	eq	6.0.18__1.Final_redhat_00001.1.el7eap
eap7-hibernate-validator	eq	6.0.18__1.Final_redhat_00001.1.el6eap

Rows per page:

1-10 of 8161

References

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

access.redhat.com/errata/RHSA-2020:3461

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1793970

issues.redhat.com/browse/JBEAP-18793

issues.redhat.com/browse/JBEAP-19095

issues.redhat.com/browse/JBEAP-19134

issues.redhat.com/browse/JBEAP-19185

issues.redhat.com/browse/JBEAP-19203

issues.redhat.com/browse/JBEAP-19205

issues.redhat.com/browse/JBEAP-19269

issues.redhat.com/browse/JBEAP-19322

issues.redhat.com/browse/JBEAP-19325

issues.redhat.com/browse/JBEAP-19397

issues.redhat.com/browse/JBEAP-19409

issues.redhat.com/browse/JBEAP-19529

issues.redhat.com/browse/JBEAP-19564

issues.redhat.com/browse/JBEAP-19585

issues.redhat.com/browse/JBEAP-19617

issues.redhat.com/browse/JBEAP-19619

issues.redhat.com/browse/JBEAP-19673

issues.redhat.com/browse/JBEAP-19674

issues.redhat.com/browse/JBEAP-19874

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:26344