Description

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

Remediation

References

CVE-2017-12165

Related Vulnerabilities

WordPress Plugin WordPress Download Manager Unspecified Vulnerability (2.9.96)

MongoDb Excessive Iteration Vulnerability (CVE-2018-20805)

Atlassian Jira CVE-2020-36286 Vulnerability (CVE-2020-36286)

WordPress Plugin Gallery Categories by BestWebSoft Cross-Site Scripting (1.0.8)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler SQL Injection (6.3.0)

Severity

High

Classification

CVE-2017-12165 CWE-444 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities