| Field | Value |
|---|---|
| purl | pkg:maven/io.undertow/undertow-core@1.4.0 |
| Tags | Ghost |
| Next non-vulnerable version | 2.3.20.Final |
| Latest non-vulnerable version | 2.4.0.Beta1 |
| Risk | 4.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-2e2u-nvuu-kfbs Aliases: CVE-2017-7559, GHSA-rj76-h87p-r3wf | Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling): Invalid characters are allowed in query strings and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. | Affected by 29 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 28 other vulnerabilities. |
| VCID-77xn-dtdn-hfa2 Aliases: CVE-2017-2666, GHSA-mcfm-h73v-635m | Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling): It was discovered in Undertow that the code that parses the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. | Affected by 0 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 30 other vulnerabilities. Affected by 4 other vulnerabilities. |
| VCID-y5s2-w88t-8uhx Aliases: CVE-2016-7046, GHSA-3f57-w2rp-72fc | Uncontrolled Resource Consumption: Remote attackers could cause a denial of service (CPU and disk consumption) via a long URL. | Affected by 32 other vulnerabilities. Affected by 31 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-ygp7-kj2w-syat Aliases: CVE-2017-12165, GHSA-5gg7-5wv8-4gcj | Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling): It was discovered that Undertow processes HTTP request headers with unusual whitespace, which can make HTTP request smuggling possible. | Affected by 0 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 28 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |