CVE-2017-12165 LOW

Vendor Red Hat
Product undertow
Weakness CWE-444
Published July 27, 2018
Last update August 5, 2024

CVSS base score

2.6/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes HTTP request headers containing unusual whitespace, which can allow HTTP request smuggling.

Key dates

02 Disclosure timeline

July 27, 2018 CVE published
August 5, 2024 Record updated