
CVE-2017-7658

jetty: Incorrect header handling

Severity Score: 9.8 (CVSS v3.1)
Exploit Likelihood: no EPSS value listed
Affected Versions: see the CPE list below
Public Exploits: 0 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Description

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non-HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two Content-Length headers, Jetty ignored the second. When presented with both a Content-Length and a chunked Transfer-Encoding header, the Content-Length was ignored (as per RFC 2616). If an intermediary decided on the shorter length but still passed on the longer body, the remaining body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.


*Credits: N/A
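The defensive counterpart to the description above, as an added example that is not part of this CVE record or the Jetty code base: a framing check an intermediary or WAF can run on a request head before forwarding it, so that the header combinations behind this CVE are rejected rather than resolved differently at each hop. The function, constant names and sample requests are the example's own constructions.

```python
# Added example (not from the CVE record or the Jetty project): classify the
# body framing of an HTTP/1.x request head and reject ambiguous cases, per
# RFC 7230 section 3.3.3, instead of silently picking one length.
import re

AMBIGUOUS = "ambiguous"  # an intermediary should reject, not guess
OK = "ok"

def classify_framing(raw: bytes) -> tuple:
    """Return (verdict, reason) for one request head (request line + headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].rstrip(b"\r\n").decode("latin-1")
    lines = head.split("\r\n")
    if not lines or not lines[0]:
        return AMBIGUOUS, "missing request line"
    lengths, encodings = [], []
    for line in lines[1:]:
        if ":" not in line:
            return AMBIGUOUS, "malformed header line"
        name, value = line.split(":", 1)
        name = name.strip().lower()
        if name == "content-length":
            # A comma-separated list in one field is the same as repeated fields.
            lengths.extend(v.strip() for v in value.split(","))
        elif name == "transfer-encoding":
            encodings.append(value.strip().lower())
    # Jetty kept the first Content-Length and dropped the second; a front-end
    # that honoured the second would disagree on where the body ends.
    if len(set(lengths)) > 1:
        return AMBIGUOUS, "conflicting Content-Length values"
    if any(not re.fullmatch(r"[0-9]+", v) for v in lengths):
        return AMBIGUOUS, "non-numeric Content-Length"
    # RFC 2616 let Transfer-Encoding win; rejecting the pair removes the
    # dependence on every hop applying the same precedence rule.
    if lengths and encodings:
        return AMBIGUOUS, "Content-Length together with Transfer-Encoding"
    return OK, "unambiguous framing"

# Constructed sample heads, for illustration only.
DUPLICATE_CL = (b"POST /api/orders HTTP/1.1\r\nHost: app.example\r\n"
                b"Content-Length: 5\r\nContent-Length: 40\r\n\r\n")
CL_AND_TE = (b"POST /api/orders HTTP/1.1\r\nHost: app.example\r\n"
             b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n")
CLEAN = b"POST /api/orders HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\n"

if __name__ == "__main__":
    for sample in (DUPLICATE_CL, CL_AND_TE, CLEAN):
        print(classify_framing(sample))
```

Identical repeated Content-Length values are tolerated, as RFC 7230 permits; every other disagreement is treated as an unrecoverable framing error.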
CVSS Scores
  • CVSS v3.1 (9.8): Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High
  • CVSS v3 (second vector): Attack Vector: Network; Attack Complexity: High; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: Low; Integrity: Low; Availability: Low
  • CVSS v2: Attack Vector: Network; Attack Complexity: Low; Authentication: None; Confidentiality: Partial; Integrity: Partial; Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2017-04-11 CVE Reserved
  • 2018-06-26 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-21 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CAPEC
References (19)
  • http://www.securityfocus.com/bid/106566 (Third Party Advisory)
  • http://www.securitytracker.com/id/1041194 (Third Party Advisory)
  • https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669 (Third Party Advisory)
  • https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E (Mailing List)
  • https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E (Mailing List)
  • https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E (Mailing List)
  • https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E (Mailing List)
  • https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E (Mailing List)
  • https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E (Mailing List)
  • https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E (Mailing List)
  • https://security.netapp.com/advisory/ntap-20181014-0001 (Third Party Advisory)
  • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us (Third Party Advisory)
  • https://www.oracle.com//security-alerts/cpujul2021.html (X_refsource_misc)
  • https://www.oracle.com/security-alerts/cpuoct2020.html (Third Party Advisory)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Hp | Xp P9000 Command View | >= 8.4.0-00 <= 8.6.2-00 | advanced | Affected (running on Hp Xp P9000: Safe)
Eclipse | Jetty | <= 9.2.26 | - | Affected
Eclipse | Jetty | >= 9.3.0 < 9.3.24 | - | Affected
Eclipse | Jetty | >= 9.4.0 < 9.4.11 | - | Affected
Debian | Debian Linux | 9.0 | - | Affected
Oracle | Rest Data Services | 11.2.0.4 | - | Affected
Oracle | Rest Data Services | 12.1.0.2 | - | Affected
Oracle | Rest Data Services | 12.2.0.1 | - | Affected
Oracle | Rest Data Services | 18c | - | Affected
Oracle | Retail Xstore Payment | 3.3 | - | Affected
Oracle | Retail Xstore Point Of Service | 7.1 | - | Affected
Oracle | Retail Xstore Point Of Service | 15.0 | - | Affected
Oracle | Retail Xstore Point Of Service | 16.0 | - | Affected
Oracle | Retail Xstore Point Of Service | 17.0 | - | Affected
Netapp | E-series Santricity Management | - | - | Affected
Netapp | E-series Santricity Os Controller | >= 11.0 <= 11.50.1 | - | Affected
Netapp | E-series Santricity Web Services | - | - | Affected
Netapp | Hci Management Node | - | - | Affected
Netapp | Hci Storage Node | - | - | Affected
Netapp | Oncommand System Manager | >= 3.0 <= 3.1.3 | - | Affected
Netapp | Oncommand Unified Manager For 7-mode | - | - | Affected
Netapp | Santricity Cloud Connector | - | - | Affected
Netapp | Snap Creator Framework | - | - | Affected
Netapp | Snapcenter | - | - | Affected
Netapp | Snapmanager | - | oracle | Affected
Netapp | Snapmanager | - | sap | Affected
Netapp | Solidfire | - | - | Affected
Netapp | Storage Services Connector | - | - | Affected