vulnerability
Red Hat JBoss EAP: CVE-2018-1067: HTTP Request/Response Splitting
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Apr 25, 2018 | Sep 19, 2024 | Jul 2, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Apr 25, 2018
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.. It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-113
- CVE-2018-1067
- https://attackerkb.com/topics/CVE-2018-1067
- URL-https://access.redhat.com/security/cve/CVE-2018-1067
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1550671
- URL-https://access.redhat.com/errata/RHSA-2018:1247
- URL-https://access.redhat.com/errata/RHSA-2018:1248
- URL-https://access.redhat.com/errata/RHSA-2018:1249
- URL-https://access.redhat.com/errata/RHSA-2018:1251
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.