{"id":"CVE-2017-12165","details":"It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.","aliases":["GHSA-5gg7-5wv8-4gcj"],"modified":"2026-04-10T03:56:40.666781Z","published":"2018-07-27T15:29:00.237Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0005"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3454"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3455"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3456"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3458"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0003"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0004"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1322"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0002"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/undertow-io/undertow","events":[{"introduced":"30392f538d254ed54834854e3f7face2bf945dcb"},{"fixed":"ca20c31781dd721837775b92ad5783d742546e17"},{"introduced":"967b5ecf796fe32afb9a131c7695f731b51303ca"},{"fixed":"9353aa465ba960f0c363fd9d8a164e42c0bccafa"}],"database_specific":{"versions":[{"introduced":"1.0.0"},{"fixed":"1.3.31"},{"introduced":"1.4.0"},{"fixed":"1.4.17"}]}}],"versions":["1.0.0.Final","1.0.1.Final","1.0.2.Final","1.0.3.Final","1.1.0.Beta1","1.1.0.Beta2","1.1.0.Beta3","1.1.0.Beta4","1.1.0.Beta5","1.1.0.Beta6","1.1.0.Beta7","1.1.0.Beta8","1.2.0.Beta1","1.2.0.Beta10","1.2.0.Beta2","1.2.0.Beta3","1.2.0.Beta4","1.2.0.Beta5","1.2.0.Beta6","1.2.0.Beta7","1.2.0.Beta8","1.2.0.Beta9","1.2.0.CR1","1.2.0.Final","1.2.1.Final","1.2.2.Final","1.2.3.Final","1.2.4.Final","1.3.0.Beta1","1.3.0.Beta10","1.3.0.Beta11","1.3.0.Beta12","1.3.0.Beta13","1.3.0.Beta2","1.3.0.Beta3","1.3.0.Beta4","1.3.0.Beta5","1.3.0.Beta6","1.3.0.Beta7","1.3.0.Beta8","1.3.0.Beta9","1.3.0.CR1","1.3.0.CR2","1.3.0.CR3","1.3.0.Final","1.3.1.Final","1.3.10.Final","1.3.11.Final","1.3.12.Final","1.3.13.Final","1.3.14.Final","1.3.15.Final","1.3.16.Final","1.3.17.Final","1.3.18.Final","1.3.19.Final","1.3.2.Final","1.3.20.Final","1.3.21.Final","1.3.22.Final","1.3.23.Final","1.3.24.Final","1.3.25.Final","1.3.26.Final","1.3.27.Final","1.3.28.Final","1.3.3.Final","1.3.30.Final","1.3.5.Final","1.3.6.Final","1.3.7.Final","1.3.8.Final","1.3.9.Final","1.4.0.Final","1.4.1.Final","1.4.10.Final","1.4.11.Final","1.4.12.Final","1.4.13.Final","1.4.14.Final","1.4.15.Final","1.4.16.Final","1.4.2.Final","1.4.3.Final","1.4.4.Final","1.4.5.Final","1.4.6.Final","1.4.7.Final","1.4.8.Final"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12165.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha_1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}