CVE-2017-7657
26.06.2018, 16:29
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
| Vendor | Product | Version |
|---|---|---|
| eclipse | jetty | 𝑥 ≤ 9.2.26 |
| eclipse | jetty | 9.3.0 ≤ 𝑥 < 9.3.24 |
| eclipse | jetty | 9.4.0 ≤ 𝑥 < 9.4.11 |
| debian | debian_linux | 9.0 |
| netapp | e-series_santricity_management | - |
| netapp | e-series_santricity_os_controller | 11.0 ≤ 𝑥 ≤ 11.50.1 |
| netapp | e-series_santricity_web_services | - |
| netapp | element_software | - |
| netapp | element_software_management_node | - |
| netapp | hci_storage_nodes | - |
| netapp | oncommand_system_manager | 3.x:x |
| netapp | oncommand_unified_manager | 𝑥 < 5.2.4 |
| netapp | santricity_cloud_connector | - |
| netapp | snap_creator_framework | 𝑥 < 4.3.3 |
| netapp | snapcenter | 𝑥 < 4.1p3 |
| netapp | snapmanager | 𝑥 < 3.4.2 |
| netapp | snapmanager | 𝑥 < 3.4.2 |
| hp | xp_p9000_command_view | 8.4.0-00 ≤ 𝑥 < 8.6.2-00 |
| oracle | rest_data_services | 11.2.0.4 |
| oracle | rest_data_services | 12.1.0.2 |
| oracle | rest_data_services | 12.2.0.1 |
| oracle | retail_xstore_point_of_service | 7.1 |
| oracle | retail_xstore_point_of_service | 15.0 |
| oracle | retail_xstore_point_of_service | 16.0 |
| oracle | retail_xstore_point_of_service | 17.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| jetty8 |
| ||||||||||||||||||||||||||||||||
| jetty9 |
|
Common Weakness Enumeration
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
- CWE-190 - Integer Overflow or WraparoundThe software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
References