PT-2018-7169 · Red Hat · Undertow
Published: 2017-07-11 · Updated: 2021-02-24 · CVE-2017-2666
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Undertow (affected versions not specified)
Description:
A flaw was found in Undertow where the HTTP request line parsing code allowed invalid characters. This could be exploited, in conjunction with a proxy that also allowed these characters but interpreted them differently, to inject data into the HTTP response. An attacker could manipulate the HTTP response to poison a web-cache, perform a cross-site scripting (XSS) attack, or obtain sensitive information from requests other than their own.
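The root cause described above is a request-line parser that accepts characters outside the RFC 7230 grammar, so that a front-end proxy and the back-end server can read the same bytes differently. The following is an added example, not Undertow's code or Red Hat's: it contrasts a naive whitespace-splitting parser with a strict validator that only accepts the `token SP request-target SP HTTP-version CRLF` grammar, and counts the constructed sample lines on which the two parsers disagree. The sample request lines are constructed for illustration and do not reproduce any specific payload.

```python
"""Strict HTTP/1.1 request-line validation (RFC 7230, section 3.1.1).

Added example, not Undertow or Red Hat code. A lenient splitter accepts
whatever sits between runs of whitespace; a strict validator checks every
field against the RFC grammar, so two hops in a proxy chain cannot parse
the same request line into different requests.
"""
import re

# RFC 7230 tchar: "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
#                 "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# request-target, checked at the character level only: visible ASCII
# (0x21-0x7E). This rejects CR, LF, HT, SP, NUL, DEL and all non-ASCII bytes.
TARGET_RE = re.compile(r"[\x21-\x7e]+")
VERSION_RE = re.compile(r"HTTP/[0-9]\.[0-9]")


def lenient_parse(line: str):
    """Naive parser: split on any run of whitespace, take the first three
    fields, and never look at which characters appear inside a field.
    This models the permissive behaviour the advisory describes."""
    parts = line.rstrip("\r\n").split()
    if len(parts) < 3:
        return None
    return parts[0], parts[1], parts[2]


def strict_parse(line: str):
    """Strict parser: CRLF terminator, exactly two single spaces, and each
    field validated with fullmatch() against the RFC grammar.
    Returns (method, target, version) or None when the line is invalid."""
    if not line.endswith("\r\n"):
        return None
    parts = line[:-2].split(" ")
    if len(parts) != 3:
        return None
    method, target, version = parts
    if not (TOKEN_RE.fullmatch(method)
            and TARGET_RE.fullmatch(target)
            and VERSION_RE.fullmatch(version)):
        return None
    return method, target, version


# Constructed sample request lines (not captured traffic): one well-formed
# line, then lines with a DEL byte, a non-ASCII character, a doubled space,
# and a bare LF terminator.
SAMPLE_LINES = [
    "GET /index.html HTTP/1.1\r\n",
    "GET /index.html\x7f HTTP/1.1\r\n",
    "GET /search?q=caf\u00e9 HTTP/1.1\r\n",
    "GET  /two-spaces HTTP/1.1\r\n",
    "GET /bare-lf HTTP/1.1\n",
]


def disagreements(lines):
    """Return the lines a lenient parser accepts but a strict parser rejects.
    Each such line is one a permissive hop could forward while the next hop
    reads it differently, which is the precondition for response injection."""
    return [ln for ln in lines
            if lenient_parse(ln) is not None and strict_parse(ln) is None]


if __name__ == "__main__":
    for ln in SAMPLE_LINES:
        print(repr(ln), "lenient:", lenient_parse(ln), "strict:", strict_parse(ln))
    print("lines accepted only by the lenient parser:", len(disagreements(SAMPLE_LINES)))
```

The strict parser is deliberately stricter than any single RFC rule requires: a request target is also subject to URI syntax, but rejecting every byte outside visible ASCII at the line level is what removes the ambiguity that a proxy and an origin server could otherwise resolve differently.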
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration: HTTP Request/Response Smuggling
Related Identifiers: CVE-2017-2666
Affected Products: Undertow