Description

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

Remediation

References

CVE-2017-12165

Related Vulnerabilities

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43953)

MySQL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2016-6663)

Lighttpd Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-4727)

WordPress Plugin AP Companion includes Backdoor [Only if downloaded via the vendor website] (1.0.6)

WordPress Plugin Click to Call or Chat Buttons Cross-Site Scripting (1.4.0)

Severity

High

Classification

CVE-2017-12165 CWE-444 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities