Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1251

CVE-2017-2666 wildfly-undertow: undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests [eap-7.0.5]

    Details

      Description

      Security Tracking Issue
      Do not make this issue public.

      NOTE THIS ISSUE IS CURRENTLY EMBARGOED, DO NOT MAKE PUBLIC COMMITS OR COMMENTS ABOUT THIS ISSUE.

      Flaw:


      EMBARGOED CVE-2017-2666 undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests
      https://bugzilla.redhat.com/show_bug.cgi?id=1436163

      It was found that code that parsed the HTTP request line in undertow permitted invalid characters which results into HTTP request smuggling vulnerability.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                swd847 Stuart Douglas
                Reporter:
                swd847 Stuart Douglas
                Involved:
                Jiří Truhlář, Michael Cada, Panagiotis Sotiropoulos, Tomas Hofman
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: