N/A

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.

N/A

HTTP请求的解释不一致性(HTTP请求私运)

Red Hat Undertow 环境问题漏洞

Red Hat Undertow是美国红帽（Red Hat）公司的一款基于Java的嵌入式Web服务器，是Wildfly（Java应用服务器）默认的Web服务器。 Red Hat Undertow 2.2.0.Final之前版本中存在环境问题漏洞。该漏洞源于网络系统或产品的环境因素不合理。

N/A

N/A