UNDERTOW-1302

CVE-2018-1067 undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)

    Details

    • Security Sensitive Issue:
      This issue is security relevant

      Description

      Flaw:

      CVE-2018-1067 wildfly: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)
      https://bugzilla.redhat.com/show_bug.cgi?id=1550671

      A flaw was reported in WildFly 12.0.0.CR1: the web server is vulnerable to the injection of arbitrary HTTP headers due to insufficient sanitisation and validation of user-supplied UTF-8 encoded input before it is used as part of an HTTP header value.

      Although there is a protection against CRLF injection that detects the presence of a newline character (0x0a), it can be bypassed using characters encoded in UTF-8: the server converts them back to their original Unicode form and then extracts only the last byte of each character when the header is written.
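      The mechanism described above, as an added illustration that is not Undertow's or WildFly's code: a naive check that looks for newline characters in the decoded Unicode string, a writer that models the "extract the last byte" behaviour the report describes (an assumption about how the serializer behaves, not the project's actual implementation), and a hardened validator that inspects the octets that will actually be emitted. The sample header value is constructed for the example.

```python
"""Added example (not Undertow's code): a CR/LF check on the decoded Unicode
string is insufficient when the header writer later keeps only the low byte
of each character.  The hardened validator checks the emitted octets instead."""
from typing import Callable, Optional

CR, LF = 0x0D, 0x0A


def naive_is_safe(value: str) -> bool:
    """The kind of check the report says exists: look for newline characters
    in the already-decoded (Unicode) header value."""
    return "\r" not in value and "\n" not in value


def low_byte_encode(value: str) -> bytes:
    """Models a writer that 'extracts the last byte' of each Unicode char,
    i.e. keeps ord(c) & 0xFF.  Assumption: this mirrors the behaviour the
    report describes; it is not Undertow's actual serializer."""
    return bytes(ord(c) & 0xFF for c in value)


def hardened_is_safe(value: str) -> bool:
    """Validate what will actually hit the wire: the value must encode
    strictly as ISO-8859-1 (so no truncation can ever occur) and the
    resulting octets must contain neither CR nor LF."""
    try:
        octets = value.encode("iso-8859-1")
    except UnicodeEncodeError:
        return False
    return CR not in octets and LF not in octets


def render_header(name: str, value: str,
                  checker: Callable[[str], bool]) -> Optional[bytes]:
    """Serialize one header line if `checker` accepts the value, else None."""
    if not checker(value):
        return None
    return name.encode("ascii") + b": " + low_byte_encode(value) + b"\r\n"


def emitted_line_count(rendered: bytes) -> int:
    """Count line terminators in the emitted bytes; a single header must
    produce exactly one.  Bare LF is counted because many parsers accept it."""
    return rendered.replace(b"\r\n", b"\n").count(b"\n")


# Constructed sample: U+010A (LATIN CAPITAL LETTER C WITH DOT ABOVE) arrives
# on the wire as UTF-8 bytes C4 8A; its code point's low byte is 0x0A.
SAMPLE_UTF8 = b"value\xc4\x8aextra"
SAMPLE_VALUE = SAMPLE_UTF8.decode("utf-8")  # 'value\u010aextra'


def demo() -> dict:
    """Return the outcome of both checks on the constructed sample."""
    naive = render_header("X-Custom", SAMPLE_VALUE, naive_is_safe)
    return {
        "naive_accepts": naive_is_safe(SAMPLE_VALUE),
        "naive_lines": emitted_line_count(naive) if naive else 0,
        "hardened_accepts": hardened_is_safe(SAMPLE_VALUE),
    }


if __name__ == "__main__":
    print(demo())
```

      The naive check passes the sample because the decoded string contains no U+000A, yet the low-byte writer turns U+010A into a bare 0x0A, so the emitted bytes contain two lines instead of one; the hardened check rejects the value before serialization.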

              People

              • Assignee: Stuart Douglas (swd847)
              • Reporter: Stuart Douglas (swd847)
              • Involved: Bharti Kundal, Brad Maxwell, Carlo de Wolf, Chess Hazlett, Coty Sutherland, Darran Lofthouse, Dimitrios Andreadis, James Perkins, Jason Shepherd, Jimmy Wilson, Lin Gao, mark yarborough, Panagiotis Sotiropoulos, Paul Gier, Pavel Slavicek, Petr Sakar, Radovan Netuka, Rostislav Svoboda, Tim Walsh, Václav Tunka, Vladimir Dosoudil