Details
Bug
Status: Resolved
Critical
Resolution: Done
This issue is security relevant
Description
Security Tracking Issue
Do not make this issue public.
NOTE THIS ISSUE IS CURRENTLY EMBARGOED, DO NOT MAKE PUBLIC COMMITS OR COMMENTS ABOUT THIS ISSUE.
Flaw:
EMBARGOED CVE-2017-7559 undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)
https://bugzilla.redhat.com/show_bug.cgi?id=1481665
It was found that the original patch for the CVE-2017-2666 issue in undertow was incomplete, and invalid characters are still allowed in the query string and path parameters.