PT-2018-10045 · Red Hat · Undertow

Ammarit Thongthua

Published

2018-05-21

Updated

2022-05-13

CVE-2018-1067

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Undertow versions prior to 7.1.2.CR1 Undertow versions prior to 7.1.2.GA

Description The issue is related to insufficient sanitization and validation of user input before it is used as part of an HTTP header value, allowing the injection of arbitrary HTTP headers and response splitting.

Recommendations For versions prior to 7.1.2.CR1, update to version 7.1.2.CR1 or later. For versions prior to 7.1.2.GA, update to version 7.1.2.GA or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-113

Related Identifiers

CVE-2018-1067

GHSA-47MP-RQ2X-WJF2

RHSA-2018:1247

RHSA-2018:1248

RHSA-2018:1249

RHSA-2018:2643

Affected Products

Undertow

PT-2018-10045 · Red Hat · Undertow

CVE-2018-1067

Weakness Enumeration

Related Identifiers

Affected Products

References · 17