Lucene search
GoogleOSV:GHSA-MCFM-H73V-635MHistoryOct 19, 2018 - 4:55 p.m.
Undertow-core vulnerable to HTTP Request Smuggling
2018-10-1916:55:14
Google
osv.dev
32
0.006 Low
EPSS
Percentile
78.4%
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
Related
veracode
veracode
HTTP Smuggling
2018-03-05 08:39:59
HTTP Smuggling
2017-06-15 02:56:23
HTTP Request Smuggling
2020-08-18 02:03:52
ubuntucve
ubuntucve
github
github
Undertow-core vulnerable to HTTP Request Smuggling
2018-10-19 16:55:14
HTTP Request Smuggling in Undertow
2021-04-30 17:28:52
Undertow vulnerable to Request Smuggling
2022-05-13 01:36:16
prion
prion
Design/Logic Flaw
2018-07-27 14:29:00
Design/Logic Flaw
2018-01-10 15:29:00
Design/Logic Flaw
2020-09-23 13:15:00
nvd
nvd
debiancve
debiancve
cvelist
cvelist
redhatcve
redhatcve
cve
cve
osv
osv
CVE-2020-10687
2020-09-23 13:15:15
CVE-2017-7559
2018-01-10 15:29:00
Undertow vulnerable to Request Smuggling
2022-05-13 01:36:16
openvas
openvas
Debian Security Advisory DSA 3906-1 (undertow - security update)
2017-07-11 00:00:00
Debian: Security Advisory (DSA-3906-1)
2017-07-10 00:00:00
nessus
nessus
Debian DSA-3906-1 : undertow - security update
2017-07-12 00:00:00
RHEL 6 : JBoss EAP (RHSA-2017:1410)
2018-09-04 00:00:00
RHEL 7 : JBoss EAP (RHSA-2017:1411)
2018-09-04 00:00:00
debian
debian
[SECURITY] [DSA 3906-1] undertow security update
2017-07-11 21:23:40
redhat
redhat