DEBIAN-CVE-2017-12165

DEBIAN-CVE-2017-12165 PUBLISHED CVSS 7.5 HIGH

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:14	undertow	0, 1.3.11-1, 1.3.16-1

Timeline

Jul 27, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-12165 advisory

Open in Interactive Console →