Description

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

Remediation

References

CVE-2017-12165

Related Vulnerabilities

WordPress Plugin CYSTEME Finder, the admin files explorer Unspecified Vulnerability (1.7)

Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.2.2)

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Multiple Vulnerabilities (1.5.2)

Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-34798)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.12)

Severity

High

Classification

CVE-2017-12165 CWE-444 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities