CVE-2017-7658: Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)

June 26, 2018 (updated October 3, 2019)

If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

References

www.securitytracker.com/id/1041194
nvd.nist.gov/vuln/detail/CVE-2017-7658

Code Behaviors & Features

Detect and mitigate CVE-2017-7658 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →