  1. Undertow
  2. UNDERTOW-1165

CVE-2017-7559 wildfly-undertow: undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666) [eap-7.1.0]

    Details

    • Security Sensitive Issue:
      This issue is security relevant

      Description

      Security Tracking Issue
      Do not make this issue public.

      NOTE THIS ISSUE IS CURRENTLY EMBARGOED, DO NOT MAKE PUBLIC COMMITS OR COMMENTS ABOUT THIS ISSUE.

      Flaw:


      EMBARGOED CVE-2017-7559 undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)
      https://bugzilla.redhat.com/show_bug.cgi?id=1481665

      It was found that the original patch for the CVE-2017-2666 issue in undertow was incomplete and invalid characters are still allowed in the query string and path parameters.

              People

              • Assignee:
                swd847 Stuart Douglas
                Reporter:
                swd847 Stuart Douglas