Page 5 of 26 results (0.010 seconds)

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. En Undertow, en versiones anteriores a la 7.1.2.CR1, 7.1.2.GA, se descubrió que la solución para CVE-2016-4993 no estaba completa. Por lo tanto, el servidor web de Undertow es vulnerable a la inyección de cabeceras HTTP arbitrarias y también a la separación de respuestas, debido al saneamiento y validación insuficientes de entradas de usuario antes de que se empleen como parte de un valor de cabecera HTTP. It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. • https://access.redhat.com/errata/RHSA-2018:1247 https://access.redhat.com/errata/RHSA-2018:1248 https://access.redhat.com/errata/RHSA-2018:1249 https://access.redhat.com/errata/RHSA-2018:1251 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2019:0877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067 https://access.redhat.com/security/cve/CVE-2018-1067 https://bugzilla.redhat.com/show_bug.cgi?id=1550671 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0

undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server. Se ha descubierto que undertow, en sus versiones 1.4.18.SP1, 2.0.2.Final y 1.4.24.Final, es vulnerable al usar la autenticación Digest, ya que el servidor no garantiza que el valor del URI en la cabecera Authorization coincida con el URIb en la línea de petición HTTP. Esto permite que el atacante provoque un ataque Man-in-the-Middle (MitM) y acceda al contenido que desee en el servidor. It was discovered that when using Digest authentication, the server does not ensure that the value of the URI in the authorization header matches the URI in the HTTP request line. • https://access.redhat.com/errata/RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0481 https://access.redhat.com/errata/RHSA-2018:1525 https://access.redhat.com/errata/RHSA-2018:2405 https://access.redhat.com/errata/RHSA-2018:3768 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196 https://issues.jboss.org/browse/UNDERTOW-1190 https://access.redhat.com/sec • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. En Undertow 2.x anteriores a 2.0.0.Alpha2, 1.4.x anteriores a 1.4.17.Final y 1.3.x anteriores a 1.3.31.Final, se ha descubierto que la solución para CVE-2017-2666 era incompleta y los caracteres no válidos todavía se permitían en la cadena de la consulta y en los parámetros de la ruta. Esto se podría explotar junto con un proxy que también permita los caracteres no válidos, pero con una interpretación diferente, para inyectar datos en la respuesta HTTP. • https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0004 https://access.redhat.com/errata/RHSA-2018:0005 https://access.redhat.com/errata/RHSA-2018:1322 https://bugzilla.redhat.com/show_bug. • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. Se ha descubierto que Undertow en versiones anteriores a la 1.4.17, 1.3.31 y 2.0.0 procesa cabeceras de petición HTTP con espacios en blanco inusuales que pueden provocar HTTP Request Smuggling. It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling. • https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0004 https://access.redhat.com/errata/RHSA-2018:0005 https://access.redhat.com/errata/RHSA-2018:1322 https://bugzilla.redhat.com/show_bug. • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. Se ha encontrado en Undertow en versiones anteriores a la 1.3.28 que con el cierre no seguro de TCP, el servidor Websocket entra en bucle infinito en cada hilo IO, provocando efectivamente una denegación de servicio (DoS). It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS. • http://rhn.redhat.com/errata/RHSA-2017-1409.html http://www.securityfocus.com/bid/98965 https://access.redhat.com/errata/RHSA-2017:1410 https://access.redhat.com/errata/RHSA-2017:1411 https://access.redhat.com/errata/RHSA-2017:1412 https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://bugzilla.redhat.com/show_bug.cgi?id&# • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •