CVE-2017-12165: Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)

July 27, 2018 (updated October 9, 2019)

It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling.

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
nvd.nist.gov/vuln/detail/CVE-2017-12165

Code Behaviors & Features

Detect and mitigate CVE-2017-12165 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →