CVE-2017-7559
undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
En Undertow 2.x anteriores a 2.0.0.Alpha2, 1.4.x anteriores a 1.4.17.Final y 1.3.x anteriores a 1.3.31.Final, se ha descubierto que la solución para CVE-2017-2666 era incompleta y los caracteres no válidos todavía se permitían en la cadena de la consulta y en los parámetros de la ruta. Esto se podría explotar junto con un proxy que también permita los caracteres no válidos, pero con una interpretación diferente, para inyectar datos en la respuesta HTTP. Manipulando la respuesta HTTP, el atacante podría envenenar un web-cache, realizar un ataque Cross-Site Scripting (XSS) u obtener información sensible de peticiones que no sean las suyas.
It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-05 CVE Reserved
- 2017-12-14 CVE Published
- 2023-05-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CAPEC
References (13)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:3454 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2017:3455 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2017:3456 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2017:3458 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:0002 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:0003 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:0004 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:0005 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:1322 | 2019-10-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559 | 2019-10-09 | |
| https://issues.jboss.org/browse/UNDERTOW-1251 | 2019-10-09 | |
| https://access.redhat.com/security/cve/CVE-2017-7559 | 2018-05-03 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1481665 | 2018-05-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Undertow Search vendor "Redhat" for product "Undertow" | >= 1.3.0 < 1.3.31 Search vendor "Redhat" for product "Undertow" and version " >= 1.3.0 < 1.3.31" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Undertow Search vendor "Redhat" for product "Undertow" | >= 1.4.0 < 1.4.17 Search vendor "Redhat" for product "Undertow" and version " >= 1.4.0 < 1.4.17" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Undertow Search vendor "Redhat" for product "Undertow" | 2.0.0 Search vendor "Redhat" for product "Undertow" and version "2.0.0" | alpha1 |
Affected
| ||||||