CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-2666

It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.031

EPSS Ranking 86.0%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 6.4

References

Products affected by CVE-2017-2666

Redhat » Jboss Enterprise Application Platform » Version: 7.0.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0
Redhat » Jboss Enterprise Application Platform » Version: 7.1.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0
Redhat » Undertow » Version: N/A

cpe:2.3:a:redhat:undertow:-
Debian » Debian Linux » Version: 10.0

cpe:2.3:o:debian:debian_linux:10.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0
Redhat » Enterprise Linux » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux:6.0
Redhat » Enterprise Linux » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux:7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-2666

Products

Pricing

Contact Us