Red Hat Bugzilla – Bug 1550671
CVE-2018-1067 undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)
Last modified: 2018-10-19 17:47:17 EDT
A flaw was reported in WildFly 12.0.0.CR1 web server is vulnerable to the injection of arbitrary HTTP Header due to insufficient sanitisation and validation of user UTF-8 encoded input before it is used as part of an HTTP header value. Although there is a protection against CRLF injection by detecting the presence of a NewLine character (0x0a), it can be bypassed using characters encoded in UTF-8 as the page will try to convert them back to the original Unicode form and extract the last byte.
Acknowledgments: Name: Ammarit Thongthua (Deloitte Thailand Pentest team), Nattakit Intarasorn (Deloitte Thailand Pentest team)
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Via RHSA-2018:1248 https://access.redhat.com/errata/RHSA-2018:1248
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Via RHSA-2018:1247 https://access.redhat.com/errata/RHSA-2018:1247
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Via RHSA-2018:1249 https://access.redhat.com/errata/RHSA-2018:1249
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2018:1251 https://access.redhat.com/errata/RHSA-2018:1251
Created tomcat tracking bugs for this issue: Affects: fedora-all [bug 1592646] Created undertow tracking bugs for this issue: Affects: fedora-all [bug 1592647] Created wildfly tracking bugs for this issue: Affects: fedora-all [bug 1592645]
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2643