VDB
RHSA-2017%3A0247
RHSA-2017%3A0247
PUBLISHED
CVSS 6.5 MEDIUM
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.
Risk Scores
CVSS 3.0
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform 6.4 |
Timeline
- Feb 2, 2017 CVE Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- May 13, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2017:0247 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/ advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1380852 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1388240 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1397484 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0247.json advisory
- https://access.redhat.com/security/cve/CVE-2016-6816 advisory
- https://www.cve.org/CVERecord?id=CVE-2016-6816 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2016-6816 advisory
- https://access.redhat.com/articles/2991951 advisory
- https://access.redhat.com/solutions/2891171 advisory
- https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48 advisory
- https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73 advisory
- https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39 advisory
- https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8 advisory
- https://access.redhat.com/security/cve/CVE-2016-7061 advisory
- https://www.cve.org/CVERecord?id=CVE-2016-7061 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2016-7061 advisory
…and 3 more