CVE-2018-1067

Current Description

In Undertow before versions 7.1.2.CR1 and 7.1.2.GA, it was found that the fix for CVE-2016-4993 was incomplete: the Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also to response splitting, due to insufficient sanitization and validation of user input before that input is used as part of an HTTP header value.

Basic Data

Published: May 21, 2018
Last Modified: July 17, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-113
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Range
    2.3 | Application | Redhat | Undertow | * | * | * | * | * | * | * | * | up to 1.4.25
    2.3 | Application | Redhat | Undertow | * | * | * | * | * | * | * | * | 2.0.0 to 2.0.5
  • AND
    • OR - Configuration 2
      CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Range
      2.3 | Application | Redhat | Jboss Enterprise Application Platform | 7.1 | * | * | * | * | * | * | * |
    • OR Running on/with:
      CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Range
      2.3 | OS | Redhat | Enterprise Linux | 6.0 | * | * | * | * | * | * | * |
      2.3 | OS | Redhat | Enterprise Linux | 7.0 | * | * | * | * | * | * | * |
  • AND
    • OR - Configuration 3
      CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Range
      2.3 | Application | Redhat | Virtualization Host | 4.0 | * | * | * | * | * | * | * |
      2.3 | OS | Redhat | Virtualization | 4.0 | * | * | * | * | * | * | * |
    • OR Running on/with:
      CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Range
      2.3 | OS | Redhat | Enterprise Linux | 7.0 | * | * | * | * | * | * | * |

Vulnerable Software List

Vendor | Product | Versions
Redhat | Jboss Enterprise Application Platform | 7.1
Redhat | Virtualization Host | 4.0
Redhat | Undertow | *
Redhat | Virtualization | 4.0

References

Name | Source | URL | Tags
RHSA-2018:1247 | REDHAT | https://access.redhat.com/errata/RHSA-2018:1247 | Vendor Advisory
RHSA-2018:1248 | REDHAT | https://access.redhat.com/errata/RHSA-2018:1248 | Vendor Advisory
RHSA-2018:1249 | REDHAT | https://access.redhat.com/errata/RHSA-2018:1249 | Vendor Advisory
RHSA-2018:1251 | REDHAT | https://access.redhat.com/errata/RHSA-2018:1251 | Vendor Advisory
RHSA-2018:2643 | REDHAT | https://access.redhat.com/errata/RHSA-2018:2643 | Vendor Advisory
RHSA-2019:0877 | REDHAT | https://access.redhat.com/errata/RHSA-2019:0877 | Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067 | Issue Tracking, Vendor Advisory