Undertow / UNDERTOW-1165

CVE-2017-7559 wildfly-undertow: undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666) [eap-7.1.0]

Details

    • This issue is security relevant

    Description

      Security Tracking Issue
      Do not make this issue public.

      NOTE THIS ISSUE IS CURRENTLY EMBARGOED, DO NOT MAKE PUBLIC COMMITS OR COMMENTS ABOUT THIS ISSUE.

      Flaw:


      EMBARGOED CVE-2017-7559 undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)
      https://bugzilla.redhat.com/show_bug.cgi?id=1481665

      It was found that the original patch for the CVE-2017-2666 issue in Undertow was incomplete, and invalid characters are still allowed in the query string and path parameters.

          People

            sdouglas1@redhat.com Stuart Douglas