Bug 1550671 (CVE-2018-1067)
| Summary: | CVE-2018-1067 undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | undertow 7.1.2.CR1, undertow 7.1.2.GA | Doc Type: | If docs needed, set a value |
| Doc Text: | It was found that the fix for CVE-2016-4993 was incomplete and that the Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also to response splitting, due to insufficient sanitization and validation of user input before it is used as part of an HTTP header value. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-06-08 03:41:56 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1591095, 1592645, 1592646, 1592647, 1705077, 1705078 | | |
| Bug Blocks: | 1550674 | | |
Description
Laura Pardo
2018-03-01 18:45:08 UTC
Acknowledgments:
Name: Ammarit Thongthua (Deloitte Thailand Pentest team), Nattakit Intarasorn (Deloitte Thailand Pentest team)

This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6
Via RHSA-2018:1248 https://access.redhat.com/errata/RHSA-2018:1248

This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7
Via RHSA-2018:1247 https://access.redhat.com/errata/RHSA-2018:1247

This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7
Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6
Via RHSA-2018:1249 https://access.redhat.com/errata/RHSA-2018:1249

This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform
Via RHSA-2018:1251 https://access.redhat.com/errata/RHSA-2018:1251

Created tomcat tracking bugs for this issue:
Affects: fedora-all [bug 1592646]

Created undertow tracking bugs for this issue:
Affects: fedora-all [bug 1592647]

Created wildfly tracking bugs for this issue:
Affects: fedora-all [bug 1592645]

This issue has been addressed in the following products:
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
Via RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2643

This issue has been addressed in the following products:
Red Hat Openshift Application Runtimes
Via RHSA-2019:0877 https://access.redhat.com/errata/RHSA-2019:0877

This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform
Via RHSA-2020:2562 https://access.redhat.com/errata/RHSA-2020:2562
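As an added illustration of the Doc Text above (not code from Undertow or from this report), a Java header-value validator showing why a check that only looks for '\r' and '\n' in the Java string can be incomplete once the value is serialised with a lossy single-byte encoding, and the allowlist rule that closes that gap. The narrowing writer and the sample value are assumptions for the demonstration, not a description of Undertow's internals.

```java
public final class HeaderValueCheck {

    // Naive fix: inspects Java chars only, so "\u010D\u010A" passes even
    // though a writer that narrows each char to its low byte emits 0x0D 0x0A.
    static boolean naiveIsSafe(String value) {
        return value.indexOf('\r') < 0 && value.indexOf('\n') < 0;
    }

    // Assumed lossy wire writer (illustration, not Undertow's code): each
    // char is narrowed to one byte, so U+010D -> 0x0D and U+010A -> 0x0A.
    static byte[] narrowToBytes(String value) {
        byte[] out = new byte[value.length()];
        for (int i = 0; i < value.length(); i++) out[i] = (byte) value.charAt(i);
        return out;
    }

    // Hardened check: allow only RFC 7230 field-content (HTAB, SP, VCHAR,
    // obs-text) and reject every other code point outright, including any
    // char above U+00FF. Non-Latin-1 text must be explicitly encoded (for
    // example per RFC 8187) before it becomes a header value, so the verdict
    // no longer depends on how the writer serialises the string.
    static boolean isSafeHeaderValue(String value) {
        for (int i = 0; i < value.length(); i++) {
            int c = value.charAt(i);
            boolean ok = c == 0x09 || (c >= 0x20 && c != 0x7F && c <= 0xFF);
            if (!ok) return false;
        }
        return true;
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x ", b));
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        // Constructed sample: a UTF-8 request parameter that decodes to two
        // characters whose low bytes are CR and LF, reflected into a header.
        String reflected = "/home\u010D\u010AX-Injected: 1";
        System.out.println("naive check accepts:    " + naiveIsSafe(reflected));
        System.out.println("hardened check accepts: " + isSafeHeaderValue(reflected));
        System.out.println("octets a narrowing writer would emit: " + hex(narrowToBytes(reflected)));
        System.out.println("plain ASCII value accepted: " + isSafeHeaderValue("text/html; charset=utf-8"));
    }
}
```

The same allowlist applies to header names and to any value built from request data (Location, Set-Cookie, Content-Disposition); validating after encoding, or rejecting non-Latin-1 input, is what makes the fix complete rather than a char-level CR/LF scan.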