Lucene search

Veracode Vulnerability DatabaseVERACODE:5882

HistoryMar 05, 2018 - 8:39 a.m.

HTTP Smuggling

2018-03-0508:39:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.006

Percentile

78.4%

JSON

undertow is vulnerable to HTTP Smuggling attacks. The library does not verify that messages do not contain invalid headers, allowing a malicious user to conduct http smuggling that can lead to cross-site scripting attacks.

References

rhn.redhat.com/errata/RHSA-2017-1409.html

www.securityfocus.com/bid/98966

access.redhat.com/errata/RHSA-2017:1410

access.redhat.com/errata/RHSA-2017:1411

access.redhat.com/errata/RHSA-2017:1412

access.redhat.com/errata/RHSA-2017:3454

access.redhat.com/errata/RHSA-2017:3455

access.redhat.com/errata/RHSA-2017:3456

access.redhat.com/errata/RHSA-2017:3458

bugzilla.redhat.com/show_bug.cgi?id=1436163

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666

issues.jboss.org/browse/UNDERTOW-1101

www.debian.org/security/2017/dsa-3906

EPSS

0.006

Percentile

78.4%

JSON

Related for VERACODE:5882