  1. Undertow
  2. UNDERTOW-1251

CVE-2017-2666 wildfly-undertow: undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests [eap-7.0.5]


      Security Tracking Issue
      Do not make this issue public.

      NOTE THIS ISSUE IS CURRENTLY EMBARGOED, DO NOT MAKE PUBLIC COMMITS OR COMMENTS ABOUT THIS ISSUE.

      Flaw:


      EMBARGOED CVE-2017-2666 undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests
      https://bugzilla.redhat.com/show_bug.cgi?id=1436163

      It was found that the code that parsed the HTTP request line in Undertow permitted invalid characters, which results in an HTTP request smuggling vulnerability.

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              sdouglas1@redhat.com Stuart Douglas (Inactive)
              Jiří Truhlář (Inactive), Michael Cada, Panagiotis Sotiropoulos (Inactive), Tomas Hofman
              Votes: 0
              Watchers: 3
