Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xY3FyLWhjanEtd2hmcc4AAYAj
Improper Neutralization of CRLF Sequences in Wildfly Undertow
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Permalink: https://github.com/advisories/GHSA-qcqr-hcjq-whfq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xY3FyLWhjanEtd2hmcc4AAYAj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-qcqr-hcjq-whfq, CVE-2016-4993
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-4993
- https://access.redhat.com/errata/RHSA-2017:3454
- https://access.redhat.com/errata/RHSA-2017:3455
- https://access.redhat.com/errata/RHSA-2017:3456
- https://access.redhat.com/errata/RHSA-2017:3458
- https://bugzilla.redhat.com/show_bug.cgi?id=1344321
- http://rhn.redhat.com/errata/RHSA-2016-1838.html
- http://rhn.redhat.com/errata/RHSA-2016-1839.html
- http://rhn.redhat.com/errata/RHSA-2016-1840.html
- http://rhn.redhat.com/errata/RHSA-2016-1841.html
- https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12
- https://issues.redhat.com/browse/UNDERTOW-827
- https://github.com/advisories/GHSA-qcqr-hcjq-whfq
Blast Radius: 12.9
Affected Packages
maven:org.wildfly:wildfly-undertow
Dependent packages: 96
Dependent repositories: 131
Downloads:
Affected Version Ranges: >= 10.0.0.Final, <= 10.1.0.Final
Fixed in: 11.0.0.Final
All affected versions:
All unaffected versions: