Description

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

Remediation

References

CVE-2017-12165

Related Vulnerabilities

WordPress Plugin mySTAT 'mystat.php' SQL Injection (2.6)

Ruby Improper Input Validation Vulnerability (CVE-2008-3657)

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21686)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5681)

WordPress Plugin WP Fastest Cache SQL Injection (0.8.4.8)

Severity

High

Classification

CVE-2017-12165 CWE-444 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities