GHSA-qcqr-hcjq-whfq

Suggest an improvement
Source
https://github.com/advisories/GHSA-qcqr-hcjq-whfq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qcqr-hcjq-whfq/GHSA-qcqr-hcjq-whfq.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-qcqr-hcjq-whfq
Aliases
Published
2022-05-17T00:15:12Z
Modified
2023-11-01T04:47:00.490265Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Improper Neutralization of CRLF Sequences in Wildfly Undertow
Details

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Database specific
{
    "nvd_published_at": "2016-09-26T14:59:00Z",
    "github_reviewed_at": "2022-07-12T22:14:44Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-93"
    ]
}
References

Affected packages

Maven / org.wildfly:wildfly-undertow

Package

Name
org.wildfly:wildfly-undertow
View open source insights on deps.dev
Purl
pkg:maven/org.wildfly/wildfly-undertow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.0.0.Final
Fixed
11.0.0.Final

Affected versions

10.*

10.0.0.Final
10.1.0.CR1
10.1.0.Final

11.*

11.0.0.Alpha1
11.0.0.Beta1
11.0.0.CR1

Database specific

{
    "last_known_affected_version_range": "<= 10.1.0.Final"
}