A flaw exists in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows a malicious user to poison a web cache, perform an XSS attack, or obtain sensitive information from requests other than their own.

| Vulnerable Product |
|---|
| redhat undertow |
| redhat single sign-on - |
| redhat jboss enterprise application platform - |
| redhat jboss_enterprise_application_platform 7.2 |
| redhat jboss_enterprise_application_platform 7.3 |
| redhat jboss_enterprise_application_platform 7.4 |