CVE-2017-12165 – io.undertow:undertow-core

Package

Manager: maven
Name: io.undertow:undertow-core
Vulnerable Version: >=0 <1.3.31 || >=1.4.0 <1.4.17 || =2.0.0.alpha1 || >=2.0.0.alpha1 <2.0.0.beta1

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01096 pctl0.77171

Details

Undertow Request Smuggling vulnerability It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

Metadata

Created: 2022-05-13T01:38:14Z
Modified: 2024-03-20T14:32:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5gg7-5wv8-4gcj/GHSA-5gg7-5wv8-4gcj.json
CWE IDs: ["CWE-444"]
Alternative ID: GHSA-5gg7-5wv8-4gcj
Finding: F110
Auto approve: 1