CVE-2017-7657

jetty: HTTP request smuggling

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

En Eclipse Jetty, en versiones 9.2.x y anteriores, versiones 9.3.x (todas las configuraciones) y versiones 9.4.x (configuración personalizada con el cumplimiento RFC2616 habilitado), los fragmentos transfer-encoding se gestionan de forma incorrecta. El análisis de longitud de fragmento era vulnerable a un desbordamiento de enteros. Así, podría interpretarse un tamaño de fragmento grande como un tamaño menor y el contenido enviado como cuerpo del fragmento podría interpretarse como una petición pipelined. Si Jetty se despliega tras un intermediario que imponía autorización y el intermediario permitía que se pasasen o no se cambiasen grandes fragmentos arbitrarios, este error podría emplearse para omitir la autorización impuesta por el intermediario, ya que la petición pipelined falsa no sería interpretada por el intermediario como una petición.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-04-11 CVE Reserved
2018-06-26 CVE Published
2024-06-05 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-190: Integer Overflow or Wraparound
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CAPEC

References (18)

URL	Tag	Source
http://www.securitytracker.com/id/1041194	Third Party Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668	Third Party Advisory
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E	Mailing List
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us	Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	X_refsource_misc

URL	Date	SRC

URL	Date	SRC
https://security.netapp.com/advisory/ntap-20181014-0001	2023-11-07
https://www.oracle.com/security-alerts/cpuoct2020.html	2023-11-07
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	2023-11-07

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2019:0910	2023-11-07
https://www.debian.org/security/2018/dsa-4278	2023-11-07
https://access.redhat.com/security/cve/CVE-2017-7657	2020-09-17
https://bugzilla.redhat.com/show_bug.cgi?id=1595620	2020-09-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hp Search vendor "Hp"	Xp P9000 Command View Search vendor "Hp" for product "Xp P9000 Command View"	>= 8.4.0-00 < 8.6.2-00 Search vendor "Hp" for product "Xp P9000 Command View" and version " >= 8.4.0-00 < 8.6.2-00"	advanced	Affected	in	Hp Search vendor "Hp"	Xp P9000 Search vendor "Hp" for product "Xp P9000"	-	-	Safe
Eclipse Search vendor "Eclipse"		Jetty Search vendor "Eclipse" for product "Jetty"				<= 9.2.26 Search vendor "Eclipse" for product "Jetty" and version " <= 9.2.26"		-		Affected
Eclipse Search vendor "Eclipse"		Jetty Search vendor "Eclipse" for product "Jetty"				>= 9.3.0 < 9.3.24 Search vendor "Eclipse" for product "Jetty" and version " >= 9.3.0 < 9.3.24"		-		Affected
Eclipse Search vendor "Eclipse"		Jetty Search vendor "Eclipse" for product "Jetty"				>= 9.4.0 < 9.4.11 Search vendor "Eclipse" for product "Jetty" and version " >= 9.4.0 < 9.4.11"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Management Search vendor "Netapp" for product "E-series Santricity Management"				-		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				>= 11.0 <= 11.50.1 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version " >= 11.0 <= 11.50.1"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Web Services Search vendor "Netapp" for product "E-series Santricity Web Services"				-		-		Affected
Netapp Search vendor "Netapp"		Element Software Search vendor "Netapp" for product "Element Software"				-		-		Affected
Netapp Search vendor "Netapp"		Element Software Management Node Search vendor "Netapp" for product "Element Software Management Node"				-		-		Affected
Netapp Search vendor "Netapp"		Hci Storage Nodes Search vendor "Netapp" for product "Hci Storage Nodes"				-		-		Affected
Netapp Search vendor "Netapp"		Oncommand System Manager Search vendor "Netapp" for product "Oncommand System Manager"				3.x Search vendor "Netapp" for product "Oncommand System Manager" and version "3.x"		-		Affected
Netapp Search vendor "Netapp"		Oncommand Unified Manager Search vendor "Netapp" for product "Oncommand Unified Manager"				< 5.2.4 Search vendor "Netapp" for product "Oncommand Unified Manager" and version " < 5.2.4"		-		Affected
Netapp Search vendor "Netapp"		Santricity Cloud Connector Search vendor "Netapp" for product "Santricity Cloud Connector"				-		-		Affected
Netapp Search vendor "Netapp"		Snap Creator Framework Search vendor "Netapp" for product "Snap Creator Framework"				< 4.3.3 Search vendor "Netapp" for product "Snap Creator Framework" and version " < 4.3.3"		-		Affected
Netapp Search vendor "Netapp"		Snapcenter Search vendor "Netapp" for product "Snapcenter"				< 4.1p3 Search vendor "Netapp" for product "Snapcenter" and version " < 4.1p3"		-		Affected
Netapp Search vendor "Netapp"		Snapmanager Search vendor "Netapp" for product "Snapmanager"				< 3.4.2 Search vendor "Netapp" for product "Snapmanager" and version " < 3.4.2"		oracle		Affected
Netapp Search vendor "Netapp"		Snapmanager Search vendor "Netapp" for product "Snapmanager"				< 3.4.2 Search vendor "Netapp" for product "Snapmanager" and version " < 3.4.2"		sap		Affected
Oracle Search vendor "Oracle"		Rest Data Services Search vendor "Oracle" for product "Rest Data Services"				11.2.0.4 Search vendor "Oracle" for product "Rest Data Services" and version "11.2.0.4"		-		Affected
Oracle Search vendor "Oracle"		Rest Data Services Search vendor "Oracle" for product "Rest Data Services"				12.1.0.2 Search vendor "Oracle" for product "Rest Data Services" and version "12.1.0.2"		-		Affected
Oracle Search vendor "Oracle"		Rest Data Services Search vendor "Oracle" for product "Rest Data Services"				12.2.0.1 Search vendor "Oracle" for product "Rest Data Services" and version "12.2.0.1"		-		Affected
Oracle Search vendor "Oracle"		Rest Data Services Search vendor "Oracle" for product "Rest Data Services"				18c Search vendor "Oracle" for product "Rest Data Services" and version "18c"		-		Affected
Oracle Search vendor "Oracle"		Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service"				7.1 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "7.1"		-		Affected
Oracle Search vendor "Oracle"		Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service"				15.0 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "15.0"		-		Affected
Oracle Search vendor "Oracle"		Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service"				16.0 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "16.0"		-		Affected
Oracle Search vendor "Oracle"		Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service"				17.0 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "17.0"		-		Affected