Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2017-7559

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
References
Products affected by CVE-2017-7559
  • Redhat » Undertow » Version: 1.3.0
    cpe:2.3:a:redhat:undertow:1.3.0
  • Redhat » Undertow » Version: 1.3.1
    cpe:2.3:a:redhat:undertow:1.3.1
  • Redhat » Undertow » Version: 1.3.10
    cpe:2.3:a:redhat:undertow:1.3.10
  • Redhat » Undertow » Version: 1.3.11
    cpe:2.3:a:redhat:undertow:1.3.11
  • Redhat » Undertow » Version: 1.3.12
    cpe:2.3:a:redhat:undertow:1.3.12
  • Redhat » Undertow » Version: 1.3.13
    cpe:2.3:a:redhat:undertow:1.3.13
  • Redhat » Undertow » Version: 1.3.14
    cpe:2.3:a:redhat:undertow:1.3.14
  • Redhat » Undertow » Version: 1.3.15
    cpe:2.3:a:redhat:undertow:1.3.15
  • Redhat » Undertow » Version: 1.3.16
    cpe:2.3:a:redhat:undertow:1.3.16
  • Redhat » Undertow » Version: 1.3.17
    cpe:2.3:a:redhat:undertow:1.3.17
  • Redhat » Undertow » Version: 1.3.18
    cpe:2.3:a:redhat:undertow:1.3.18
  • Redhat » Undertow » Version: 1.3.19
    cpe:2.3:a:redhat:undertow:1.3.19
  • Redhat » Undertow » Version: 1.3.2
    cpe:2.3:a:redhat:undertow:1.3.2
  • Redhat » Undertow » Version: 1.3.20
    cpe:2.3:a:redhat:undertow:1.3.20
  • Redhat » Undertow » Version: 1.3.21
    cpe:2.3:a:redhat:undertow:1.3.21
  • Redhat » Undertow » Version: 1.3.22
    cpe:2.3:a:redhat:undertow:1.3.22
  • Redhat » Undertow » Version: 1.3.23
    cpe:2.3:a:redhat:undertow:1.3.23
  • Redhat » Undertow » Version: 1.3.24
    cpe:2.3:a:redhat:undertow:1.3.24
  • Redhat » Undertow » Version: 1.3.25
    cpe:2.3:a:redhat:undertow:1.3.25
  • Redhat » Undertow » Version: 1.3.26
    cpe:2.3:a:redhat:undertow:1.3.26
  • Redhat » Undertow » Version: 1.3.27
    cpe:2.3:a:redhat:undertow:1.3.27
  • Redhat » Undertow » Version: 1.3.28
    cpe:2.3:a:redhat:undertow:1.3.28
  • Redhat » Undertow » Version: 1.3.29
    cpe:2.3:a:redhat:undertow:1.3.29
  • Redhat » Undertow » Version: 1.3.3
    cpe:2.3:a:redhat:undertow:1.3.3
  • Redhat » Undertow » Version: 1.3.30
    cpe:2.3:a:redhat:undertow:1.3.30
  • Redhat » Undertow » Version: 1.3.4
    cpe:2.3:a:redhat:undertow:1.3.4
  • Redhat » Undertow » Version: 1.3.5
    cpe:2.3:a:redhat:undertow:1.3.5
  • Redhat » Undertow » Version: 1.3.6
    cpe:2.3:a:redhat:undertow:1.3.6
  • Redhat » Undertow » Version: 1.3.7
    cpe:2.3:a:redhat:undertow:1.3.7
  • Redhat » Undertow » Version: 1.3.8
    cpe:2.3:a:redhat:undertow:1.3.8
  • Redhat » Undertow » Version: 1.3.9
    cpe:2.3:a:redhat:undertow:1.3.9
  • Redhat » Undertow » Version: 1.4.0
    cpe:2.3:a:redhat:undertow:1.4.0
  • Redhat » Undertow » Version: 1.4.1
    cpe:2.3:a:redhat:undertow:1.4.1
  • Redhat » Undertow » Version: 1.4.10
    cpe:2.3:a:redhat:undertow:1.4.10
  • Redhat » Undertow » Version: 1.4.11
    cpe:2.3:a:redhat:undertow:1.4.11
  • Redhat » Undertow » Version: 1.4.12
    cpe:2.3:a:redhat:undertow:1.4.12
  • Redhat » Undertow » Version: 1.4.13
    cpe:2.3:a:redhat:undertow:1.4.13
  • Redhat » Undertow » Version: 1.4.14
    cpe:2.3:a:redhat:undertow:1.4.14
  • Redhat » Undertow » Version: 1.4.15
    cpe:2.3:a:redhat:undertow:1.4.15
  • Redhat » Undertow » Version: 1.4.16
    cpe:2.3:a:redhat:undertow:1.4.16
  • Redhat » Undertow » Version: 1.4.2
    cpe:2.3:a:redhat:undertow:1.4.2
  • Redhat » Undertow » Version: 1.4.3
    cpe:2.3:a:redhat:undertow:1.4.3
  • Redhat » Undertow » Version: 1.4.4
    cpe:2.3:a:redhat:undertow:1.4.4
  • Redhat » Undertow » Version: 1.4.5
    cpe:2.3:a:redhat:undertow:1.4.5
  • Redhat » Undertow » Version: 1.4.6
    cpe:2.3:a:redhat:undertow:1.4.6
  • Redhat » Undertow » Version: 1.4.7
    cpe:2.3:a:redhat:undertow:1.4.7
  • Redhat » Undertow » Version: 1.4.8
    cpe:2.3:a:redhat:undertow:1.4.8
  • Redhat » Undertow » Version: 2.0.0
    cpe:2.3:a:redhat:undertow:2.0.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved