HTTP request smuggling In java-1.7.0-openjdk
Description
It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 rpm rhel6 | 1:1.7.0.131-2.6.9.0.el6_8 | ||
rpm rhel7 | 1:1.7.0.131-2.6.9.0.el7_3 | ||
rpm rhel6 | 1:1.8.0.121-0.b13.el6_8 | ||
rpm rhel5 | 1:1.7.0.131-2.6.9.0.el5_11 | ||
rpm rhel7 | 1:1.8.0.121-0.b13.el7_3 |
Aliases
1. 2. 3.