CVE-2017-7658

{"id": "CVE-2017-7658", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-06-26T17:29:00.210", "references": [{"url": "http://www.securityfocus.com/bid/106566", "tags": ["Third Party Advisory", "VDB Entry"], "source": "emo@eclipse.org"}, {"url": "http://www.securitytracker.com/id/1041194", "tags": ["Third Party Advisory", "VDB Entry"], "source": "emo@eclipse.org"}, {"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://security.netapp.com/advisory/ntap-20181014-0001/", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://www.debian.org/security/2018/dsa-4278", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "tags": ["Patch", "Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Third Party Advisory"], "source": "emo@eclipse.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-444"}]}, {"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-444"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization."}, {"lang": "es", "value": "En Eclipse Jetty Server, en versiones 9.2.x y anteriores, versiones 9.3.x (todas las configuraciones que no sean HTTP/1.x) y versiones 9.4.x (todas las configuraciones HTTP/1.x), cuando se presentan con dos cabeceras content-lengths, Jetty ignora la segunda. Cuando se presenta con una cabecera de cifrado fragmentada y otra content-length, esta \u00faltima fue ignorada (seg\u00fan RFC 2616). Si un intermediario se decide por el tama\u00f1o m\u00e1s peque\u00f1o, pero se sigue pasando como el cuerpo m\u00e1s grande, el contenido del cuerpo podr\u00eda ser interpretado por Jetty como petici\u00f3n pipelined. Si el intermediario impone la autorizaci\u00f3n, la petici\u00f3n pipelined falsa omitir\u00eda dicha autorizaci\u00f3n."}], "lastModified": "2023-11-07T02:50:13.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "486E784F-1FC5-42AA-B144-EDBE5FE9B993", "versionEndIncluding": "9.2.26"}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C513260A-7AD7-44C2-97F0-167B5819475E", "versionEndExcluding": "9.3.24", "versionStartIncluding": "9.3.0"}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A720480-0A8A-48FE-85FE-6973DAB7A7D5", "versionEndExcluding": "9.4.11", "versionStartIncluding": "9.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A"}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC"}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496"}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_payment:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FBA1229-8AC0-4E6F-9F31-AB647160FB15"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*", "vulnerable": true, "matchCriteriaId": "3C209829-7941-4B64-89CA-0220804B6163", "versionEndIncluding": "8.6.2-00", "versionStartIncluding": "8.4.0-00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:xp_p9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1CC9BC28-72E9-4D53-B388-6A8AB7CFD22E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CF77086-43C1-44DB-A574-61A9A3DD1220"}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5F95A41-A496-481C-A906-E0307AC1EA63", "versionEndIncluding": "11.50.1", "versionStartIncluding": "11.0"}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "680ECEAE-D73F-47D2-8AF8-7704469CF3EA"}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953"}, {"criteria": "cpe:2.3:a:netapp:hci_storage_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3246A7D-243B-415A-827D-C5D7F62AFE19"}, {"criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9273745-6408-4CD3-94E8-9385D4F5FE69", "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager_for_7-mode:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D774A4A1-3D1E-4C31-B876-97BEA9E95027"}, {"criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB"}, {"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C"}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "vulnerable": true, "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF"}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "vulnerable": true, "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8"}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"}, {"criteria": "cpe:2.3:a:netapp:storage_services_connector:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C27762B9-8042-429B-B714-3B3A17B2842A"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}