It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
History

Fri, 23 Aug 2024 05:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-07-27T14:00:00

Updated: 2024-08-05T14:02:07.176Z

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2666

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-27T14:29:00.207

Modified: 2024-11-21T03:23:56.180

Link: CVE-2017-2666

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-06-07T00:00:00Z

Links: CVE-2017-2666 - Bugzilla