CVE-2017-12165 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.6 LOW	NETWORK	HIGH	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
redhat	CNA	2.6 LOW	NETWORK	HIGH	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 77%

Vendor	Product	Version
redhat	undertow	1.0.0 ≤ 𝑥 < 1.3.31
redhat	undertow	1.4.0 ≤ 𝑥 < 1.4.17
redhat	undertow	2.0.0:alpha_1
redhat	jboss_enterprise_application_platform	7.0.0
redhat	jboss_enterprise_application_platform	7.1.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

undertow

sid	2.3.8-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

undertow

noble	needs-triage
mantic	dne
lunar	dne
kinetic	Fixed 2.0.23-1 released
jammy	Fixed 2.0.23-1 released
impish	Fixed 2.0.23-1 released
hirsute	Fixed 2.0.23-1 released
groovy	Fixed 2.0.23-1 released
focal	Fixed 2.0.23-1 released
eoan	Fixed 2.0.23-1 released
disco	ignored
cosmic	ignored
bionic	needed
artful	ignored
zesty	ignored
xenial	needed
trusty	dne

Common Weakness Enumeration

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

References

https://access.redhat.com/errata/RHSA-2017:3454

https://access.redhat.com/errata/RHSA-2017:3455

https://access.redhat.com/errata/RHSA-2017:3456

https://access.redhat.com/errata/RHSA-2017:3458

https://access.redhat.com/errata/RHSA-2018:0002

https://access.redhat.com/errata/RHSA-2018:0003

https://access.redhat.com/errata/RHSA-2018:0004

https://access.redhat.com/errata/RHSA-2018:0005

https://access.redhat.com/errata/RHSA-2018:1322

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165

https://access.redhat.com/errata/RHSA-2017:3454

https://access.redhat.com/errata/RHSA-2017:3455

https://access.redhat.com/errata/RHSA-2017:3456

https://access.redhat.com/errata/RHSA-2017:3458

https://access.redhat.com/errata/RHSA-2018:0002

https://access.redhat.com/errata/RHSA-2018:0003

https://access.redhat.com/errata/RHSA-2018:0004

https://access.redhat.com/errata/RHSA-2018:0005

https://access.redhat.com/errata/RHSA-2018:1322

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165