Vulnerability Database
296,746
Total vulnerabilities in the database
CVE-2017-12165
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
| Software | From | Fixed in |
|---|---|---|
| redhat / undertow | 1.4.0 | 1.4.17 |
| redhat / undertow | 1.0.0 | 1.3.31 |
| redhat / undertow | 2.0.0-alpha_1 | 2.0.0-alpha_1.x |
| redhat / jboss_enterprise_application_platform | 7.1.0 | 7.1.0.x |
| redhat / jboss_enterprise_application_platform | 7.0.0 | 7.0.0.x |
io.undertow / undertow-core
|
- | 1.3.31 |
|
io.undertow / undertow-core
|
1.4.0 | 1.4.17 |
|
io.undertow / undertow-core
|
2.0.0.Alpha1 | 2.0.0.alpha1.x |
|
io.undertow / undertow-core
|
2.0.0.Alpha1 | 2.0.0.Beta1 |
- https://access.redhat.com/errata/RHSA-2017:3454
- https://access.redhat.com/errata/RHSA-2017:3455
- https://access.redhat.com/errata/RHSA-2017:3456
- https://access.redhat.com/errata/RHSA-2017:3458
- https://access.redhat.com/errata/RHSA-2018:0002
- https://access.redhat.com/errata/RHSA-2018:0003
- https://access.redhat.com/errata/RHSA-2018:0004
- https://access.redhat.com/errata/RHSA-2018:0005
- https://access.redhat.com/errata/RHSA-2018:1322
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
- https://issues.redhat.com/browse/UNDERTOW-1251
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime