CVE-2017-7559

{"id": "CVE-2017-7559", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-01-10T15:29:00.317", "references": [{"url": "https://access.redhat.com/errata/RHSA-2017:3454", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3455", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3456", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3458", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0002", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0003", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0004", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0005", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:1322", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://issues.jboss.org/browse/UNDERTOW-1251", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-444"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-444"}]}], "descriptions": [{"lang": "en", "value": "In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own."}, {"lang": "es", "value": "En Undertow 2.x anteriores a 2.0.0.Alpha2, 1.4.x anteriores a 1.4.17.Final y 1.3.x anteriores a 1.3.31.Final, se ha descubierto que la soluci\u00f3n para CVE-2017-2666 era incompleta y los caracteres no v\u00e1lidos todav\u00eda se permit\u00edan en la cadena de la consulta y en los par\u00e1metros de la ruta. Esto se podr\u00eda explotar junto con un proxy que tambi\u00e9n permita los caracteres no v\u00e1lidos, pero con una interpretaci\u00f3n diferente, para inyectar datos en la respuesta HTTP. Manipulando la respuesta HTTP, el atacante podr\u00eda envenenar un web-cache, realizar un ataque Cross-Site Scripting (XSS) u obtener informaci\u00f3n sensible de peticiones que no sean las suyas."}], "lastModified": "2019-10-09T23:29:46.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6553EA3E-6D2E-4D2C-B89A-F4526D0B251E", "versionEndExcluding": "1.3.31", "versionStartIncluding": "1.3.0"}, {"criteria": "cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06F12B32-A552-4B7E-9798-DE867BB05EDE", "versionEndExcluding": "1.4.17", "versionStartIncluding": "1.4.0"}, {"criteria": "cpe:2.3:a:redhat:undertow:2.0.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C560E34B-993B-47D9-BC10-910A518112B6"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}