Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
CVSS Information
N/A
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
Red Hat Undertow 安全漏洞
Vulnerability Description
Red Hat Undertow是美国红帽(Red Hat)公司的一款基于Java的嵌入式Web服务器,是Wildfly(Java应用服务器)默认的Web服务器。 Red Hat Undertow中存在安全漏洞,该漏洞源于程序没有过滤查询字符串和路径参数中无效字符。攻击者可通过操作HTTP相响应利用该漏洞造成web缓存中毒,实施跨站脚本攻击,或获取其他用户请求中的敏感信息。以下版本受到影响:Undertow 2.0.0.Alpha2之前的2.x版本,1.4.17.Final之前的1.4.x版本,1.3.3
CVSS Information
N/A
Vulnerability Type
N/A