Search for vulnerabilities
Vulnerability details: VCID-v1v9-q4nr-efh9
Vulnerability ID VCID-v1v9-q4nr-efh9
Aliases CVE-2018-1067
GHSA-47mp-rq2x-wjf2
Summary In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2018:1247
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:1247
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2018:1248
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:1248
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2018:1249
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:1249
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2018:1251
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:1251
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2018:2643
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:2643
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2019:0877
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2019:0877
cvssv3 5.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2018-1067
cvssv3.1 6.1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-47mp-rq2x-wjf2
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2018-1067
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2018-1067
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2018-1067
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2018:1247
https://access.redhat.com/errata/RHSA-2018:1248
https://access.redhat.com/errata/RHSA-2018:1249
https://access.redhat.com/errata/RHSA-2018:1251
https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2019:0877
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json
https://api.first.org/data/v1/epss?cve=CVE-2018-1067
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8
https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e
https://nvd.nist.gov/vuln/detail/CVE-2018-1067
1550671 https://bugzilla.redhat.com/show_bug.cgi?id=1550671
900323 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
GHSA-47mp-rq2x-wjf2 https://github.com/advisories/GHSA-47mp-rq2x-wjf2
RHSA-2020:2562 https://access.redhat.com/errata/RHSA-2020:2562
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2018:1247
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2018:1248
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2018:1249
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2018:1251
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2018:2643
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2019:0877
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1067
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1067
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.69171
EPSS Score 0.00622
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T07:58:44.199563+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 37.0.0