CVE-2017-7559 – undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)

https://notcve.org/view.php?id=CVE-2017-7559

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. En Undertow 2.x anteriores a 2.0.0.Alpha2, 1.4.x anteriores a 1.4.17.Final y 1.3.x anteriores a 1.3.31.Final, se ha descubierto que la solución para CVE-2017-2666 era incompleta y los caracteres no válidos todavía se permitían en la cadena de la consulta y en los parámetros de la ruta. Esto se podría explotar junto con un proxy que también permita los caracteres no válidos, pero con una interpretación diferente, para inyectar datos en la respuesta HTTP. • https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0004 https://access.redhat.com/errata/RHSA-2018:0005 https://access.redhat.com/errata/RHSA-2018:1322 https://bugzilla.redhat.com/show_bug. • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •