Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

N/A

Source -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
0Vulnerabilities found
CVE-2017-7658
Assigner-Eclipse Foundation
ShareView Details
Assigner-Eclipse Foundation
CVSS Score-9.8||CRITICAL
EPSS-9.39% / 92.46%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 17:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Action-Not Available
Vendor-NetApp, Inc.Eclipse Foundation AISBLOracle CorporationDebian GNU/LinuxHP Inc.
Product-rest_data_serviceshci_storage_nodexp_p9000storage_services_connectorsolidfiresnapcenterretail_xstore_paymentdebian_linuxxp_p9000_command_viewsnapmanagerhci_management_nodee-series_santricity_os_controlleroncommand_system_managerretail_xstore_point_of_servicee-series_santricity_managementsnap_creator_frameworkoncommand_unified_manager_for_7-modesantricity_cloud_connectore-series_santricity_web_servicesjettyEclipse Jetty
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')