It was found that code that parsed the HTTP request line in undertow permitted invalid characters which results into HTTP request smuggling vulnerability.
Acknowledgments: Name: Radim Hatlapatka (Red Hat)
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0.6 Via RHSA-2017:1409 https://rhn.redhat.com/errata/RHSA-2017-1409.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Via RHSA-2017:1411 https://access.redhat.com/errata/RHSA-2017:1411
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Via RHSA-2017:1410 https://access.redhat.com/errata/RHSA-2017:1410
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Via RHSA-2017:1412 https://access.redhat.com/errata/RHSA-2017:1412
Created undertow tracking bugs for this issue: Affects: fedora-all [bug 1481675]
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3456
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Via RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3454
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Via RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3455
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Via RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2017:3458