ByteOS Network

CVE Vulnerability Details :

CVE-2017-7559

PUBLISHED

More Info Official Page

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-10 Jan, 2018 | 15:00

Updated At-16 Sep, 2024 | 19:56

▼CVE Numbering Authority (CNA)

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.

Affected Products

Vendor

Red Hat, Inc.

Product

undertow

Versions

Affected

2.x before 2.0.0.Alpha2
1.4.x before 1.4.17.Final
1.3.x before 1.3.31.Final

Problem Types

Type	CWE ID	Description
CWE	CWE-444	CWE-444

Type: CWE

CWE ID: CWE-444

Description: CWE-444

References

Hyperlink	Resource
https://access.redhat.com/errata/RHSA-2018:1322	vendor-advisory x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0002	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3458	vendor-advisory x_refsource_REDHAT
https://issues.jboss.org/browse/UNDERTOW-1251	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0004	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3455	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3456	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0003	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0005	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3454	vendor-advisory x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2018:1322

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559

Resource:

x_refsource_CONFIRM

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0002

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2017:3458

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://issues.jboss.org/browse/UNDERTOW-1251

Resource:

x_refsource_CONFIRM

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0004

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2017:3455

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2017:3456

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0003

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0005

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://access.redhat.com/errata/RHSA-2017:3454

Resource:

vendor-advisory

x_refsource_REDHAT

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://access.redhat.com/errata/RHSA-2018:1322	vendor-advisory x_refsource_REDHAT x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559	x_refsource_CONFIRM x_transferred
https://access.redhat.com/errata/RHSA-2018:0002	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2017:3458	vendor-advisory x_refsource_REDHAT x_transferred
https://issues.jboss.org/browse/UNDERTOW-1251	x_refsource_CONFIRM x_transferred
https://access.redhat.com/errata/RHSA-2018:0004	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2017:3455	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2017:3456	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2018:0003	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2018:0005	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2017:3454	vendor-advisory x_refsource_REDHAT x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2018:1322

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0002

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:3458

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://issues.jboss.org/browse/UNDERTOW-1251

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0004

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:3455

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:3456

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0003

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0005

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:3454

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References