How severe is CVE-2017-7559?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2017-7559?

This is classified as CWE-444, which is a common weakness in software security.

CVE-2017-7559

MEDIUM Year: 2017

CVSS v3 Score

6.1

Medium

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-444

View all →

Vulnerability Description

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.

CVE-2018-7068

MEDIUM

CVSS:6.1(Medium)

HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.

CWE-4442018

CVE-2020-7655

MEDIUM

CVSS:6.1(Medium)

netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could al...

CWE-4442020

CVE-2020-7658

MEDIUM

CVSS:6.1(Medium)

meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header par...

CWE-4442020

CVE-2022-20713

MEDIUM

CVSS:6.1(Medium)

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote at...

CWE-4442022

CVE-2019-19326

MEDIUM

CVSS:5.9(Medium)

Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Origin...

CWE-4442019

CVE-2021-21295

MEDIUM

CVSS:5.9(Medium)

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2...

CWE-4442021

CVE-2017-7559

Vulnerability Description

Related Vulnerabilities

CVE-2018-7068

CVE-2020-7655

CVE-2020-7658

CVE-2022-20713

CVE-2019-19326

CVE-2021-21295