PT-2018-10045 · Red Hat · Undertow

Ammarit Thongthua

Publicado

2018-05-21

Atualizado

2022-05-13

CVE-2018-1067

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Undertow versions prior to 7.1.2.CR1 Undertow versions prior to 7.1.2.GA

Description The issue is related to insufficient sanitization and validation of user input before it is used as part of an HTTP header value, allowing the injection of arbitrary HTTP headers and response splitting.

Recommendations For versions prior to 7.1.2.CR1, update to version 7.1.2.CR1 or later. For versions prior to 7.1.2.GA, update to version 7.1.2.GA or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-113

Identificadores relacionados

CVE-2018-1067

GHSA-47MP-RQ2X-WJF2

RHSA-2018:1247

RHSA-2018:1248

RHSA-2018:1249

RHSA-2018:2643

Produtos afetados

Undertow

PT-2018-10045 · Red Hat · Undertow

CVE-2018-1067

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17