It was reported that WildFly 10.0.0 Application Server/Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also Response Splitting, due to insufficient sanitisation and validation of user input before the input is used as part of a HTTP header value. Using newline characters injected into the HTTP headers, it is possible for the malicious user to add arbitrary headers such as Set-Cookie to set arbitrary cookies, or potentially use a Location header for an open-redirect. By using two newline characters the attacker can 'split' the response (HTTP Response Splitting) and provide their own content that will be rendered to the victim user.
Acknowledgments: Name: Calum Hutton (NCC Group), Mikhail Egorov (Odin)
This issue has been addressed in the following products: Via RHSA-2016:1841 https://rhn.redhat.com/errata/RHSA-2016-1841.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Via RHSA-2016:1840 https://rhn.redhat.com/errata/RHSA-2016-1840.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Via RHSA-2016:1838 https://rhn.redhat.com/errata/RHSA-2016-1838.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Via RHSA-2016:1839 https://rhn.redhat.com/errata/RHSA-2016-1839.html
What versions of undertow are affected? Can you link to the upstream bug report?
@jkeilson :Wildfly 10.0.0 is vulnerable.
(In reply to Bharti Kundal from comment #26) > @jkeilson :Wildfly 10.0.0 is vulnerable. So older versions of wildfly are not affected?
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3456
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Via RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3454
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Via RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3455
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Via RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2017:3458
Hi Since this issue refers to an issue in undertow server, can you point to the respective undertow issue and/or upstream fix? Thanks in advance, Regards, Salvatore
(In reply to Salvatore Bonaccorso from comment #38) > Hi > > Since this issue refers to an issue in undertow server, can you point to the > respective undertow issue and/or upstream fix? > > Thanks in advance, > > Regards, > Salvatore Hi Salvatore, Here is the upstream JIRA issue https://issues.jboss.org/browse/UNDERTOW-827. Hope this helps. Regards, Bharti