VDB

RHSA-2017%3A0247

RHSA-2017%3A0247 PUBLISHED CVSS 6.5 MEDIUM

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.

Risk Scores

CVSS 3.0
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersions
Red HatRed Hat JBoss Enterprise Application Platform 6.4

Timeline

  • Feb 2, 2017 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • May 13, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›