  1. Undertow
  2. UNDERTOW-1251

CVE-2017-2666 wildfly-undertow: undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests [eap-7.0.5]


Details

    Description

      Security Tracking Issue
      Do not make this issue public.

      NOTE THIS ISSUE IS CURRENTLY EMBARGOED, DO NOT MAKE PUBLIC COMMITS OR COMMENTS ABOUT THIS ISSUE.

      Flaw:


      EMBARGOED CVE-2017-2666 undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests
      https://bugzilla.redhat.com/show_bug.cgi?id=1436163

      It was found that the code that parsed the HTTP request line in Undertow permitted invalid characters, which results in an HTTP request smuggling vulnerability.
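
A strict request-line check of the kind a server or front-end proxy applies before routing, shown here as an added example; it is not Undertow's code or its fix. The issue does not say which characters were permitted, so the sketch assumes the RFC 7230 grammar (method SP request-target SP HTTP-version), simplifies the request-target to printable ASCII, and uses hypothetical class and method names.

```java
import java.nio.charset.StandardCharsets;
import java.util.List;

public class StrictRequestLine {
    // tchar from RFC 7230 section 3.2.6: the only bytes allowed in a method token.
    private static final String TCHAR_PUNCT = "!#$%&'*+-.^_`|~";

    static boolean isTchar(int b) {
        return (b >= '0' && b <= '9') || (b >= 'A' && b <= 'Z')
                || (b >= 'a' && b <= 'z') || TCHAR_PUNCT.indexOf(b) >= 0;
    }

    /** Returns null if the line (without CRLF) is well formed, else the reason for a 400. */
    static String reject(byte[] line) {
        int sp1 = indexOf(line, 0), sp2 = sp1 < 0 ? -1 : indexOf(line, sp1 + 1);
        if (sp1 <= 0 || sp2 < 0 || indexOf(line, sp2 + 1) >= 0) {
            return "expected exactly: method SP request-target SP HTTP-version";
        }
        for (int i = 0; i < sp1; i++) {
            if (!isTchar(line[i] & 0xFF)) return "invalid byte in method at offset " + i;
        }
        if (sp2 == sp1 + 1) return "empty request-target";
        for (int i = sp1 + 1; i < sp2; i++) {
            int b = line[i] & 0xFF;
            // Simplification: printable ASCII only; controls, DEL and 8-bit bytes are refused.
            if (b < 0x21 || b > 0x7E) return "invalid byte in request-target at offset " + i;
        }
        String version = new String(line, sp2 + 1, line.length - sp2 - 1, StandardCharsets.ISO_8859_1);
        if (!version.matches("HTTP/[0-9]\\.[0-9]")) return "invalid HTTP-version";
        return null;
    }

    private static int indexOf(byte[] a, int from) {
        for (int i = from; i < a.length; i++) if (a[i] == ' ') return i;
        return -1;
    }

    public static void main(String[] args) {
        // Constructed sample request lines, not taken from the issue.
        List<String> samples = List.of("GET /index.html HTTP/1.1", "GET /a\tb HTTP/1.1",
                "GET  /a HTTP/1.1", "G\u000bET / HTTP/1.1", "GET /a\rX HTTP/1.1", "GET / HTTP/1.1\u0000");
        for (String s : samples) {
            String why = reject(s.getBytes(StandardCharsets.ISO_8859_1));
            System.out.println((why == null ? "accept" : "400: " + why) + "  <- "
                    + s.replaceAll("\\p{Cntrl}", "?"));
        }
    }
}
```

Rejecting the whole request on the first invalid byte, rather than trimming or normalizing it, keeps every hop in a proxy chain agreeing on where one request ends and the next begins.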


          People

            sdouglas1@redhat.com Stuart Douglas
            Jiří Truhlář (Inactive), Michael Cada, Panagiotis Sotiropoulos, Tomas Hofman