  1. Undertow
  2. UNDERTOW-1101

EMBARGOED CVE-2017-2666 wildfly-undertow: undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests [eap-7.1.0]

    Details

    • Security Sensitive Issue:
      This issue is security relevant

      Description

      Security Tracking Issue
      Do not make this issue public.

      NOTE THIS ISSUE IS CURRENTLY EMBARGOED, DO NOT MAKE PUBLIC COMMITS OR COMMENTS ABOUT THIS ISSUE.

      Flaw:


      EMBARGOED CVE-2017-2666 undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests
      https://bugzilla.redhat.com/show_bug.cgi?id=1436163

      It was found that the code that parsed the HTTP request line in Undertow permitted invalid characters, which results in an HTTP request smuggling vulnerability.

                People

                • Assignee:
                  swd847 Stuart Douglas
                  Reporter:
                  swd847 Stuart Douglas