Low severity 2.6 · NVD Advisory · Published Jul 27, 2018 · Updated Jun 17, 2026
CVE-2017-12165
Description
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes HTTP request headers containing unusual whitespace, which can make HTTP request smuggling possible.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.undertow:undertow-core (Maven) | < 1.3.31 | 1.3.31 |
| io.undertow:undertow-core (Maven) | >= 1.4.0, < 1.4.17 | 1.4.17 |
| io.undertow:undertow-core (Maven) | >= 2.0.0.Alpha1, < 2.0.0.Beta1 | 2.0.0.Beta1 |
References (16)
- access.redhat.com/errata/RHSA-2017:3454 (nvd: Vendor Advisory)
- access.redhat.com/errata/RHSA-2017:3455 (nvd: Vendor Advisory)
- access.redhat.com/errata/RHSA-2017:3456 (nvd: Vendor Advisory)
- access.redhat.com/errata/RHSA-2017:3458 (nvd: Vendor Advisory)
- access.redhat.com/errata/RHSA-2018:0002 (nvd: Vendor Advisory)
- access.redhat.com/errata/RHSA-2018:0003 (nvd: Vendor Advisory)
- access.redhat.com/errata/RHSA-2018:0004 (nvd: Vendor Advisory)
- access.redhat.com/errata/RHSA-2018:0005 (nvd: Vendor Advisory)
- access.redhat.com/errata/RHSA-2018:1322 (nvd: Vendor Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Vendor Advisory, WEB)
- github.com/advisories/GHSA-5gg7-5wv8-4gcj (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-12165 (ghsa: ADVISORY)
- github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f (ghsa: WEB)
- github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f (ghsa: WEB)
- github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc (ghsa: WEB)
- issues.redhat.com/browse/UNDERTOW-1251 (ghsa: WEB)