CVE-2018-1067 is a vulnerability in Red Hat Undertow
Published on May 21, 2018

In Undertow before versions 7.1.2.CR1 and 7.1.2.GA, it was found that the fix for CVE-2016-4993 was incomplete: the Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and to response splitting, because user input is insufficiently sanitized and validated before it is used as part of an HTTP header value.


Weakness Type

What is an HTTP Response Splitting Vulnerability?

The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

CVE-2018-1067 has been classified as an HTTP Response Splitting vulnerability or weakness.

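The weakness above is about where CR and LF are neutralized, and how completely. The following is an added, constructed illustration (not Undertow's code, and not a description of the specific gap in Undertow's earlier fix, which this page does not detail): an incomplete filter that strips only the exact CRLF pair, a strict validator that rejects any control character in a header value, and a small checker that parses the serialized response the way a lenient client would and reports header names that were not supposed to be there. The function names, the `Location`-based redirect, and the tainted sample value are all assumptions made for the example.

```python
"""Constructed example: why an incomplete CR/LF filter still allows HTTP
header injection, and how a strict validator plus a response checker close
the gap. Not Undertow code; all names and sample values are made up."""
import re

# RFC 7230 field values may contain visible characters, SP and HTAB only.
# CR, LF, NUL, the other C0 controls and DEL are never legitimate here.
_FORBIDDEN = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


def incomplete_sanitize(value: str) -> str:
    """An incomplete fix (hypothetical): removes only the exact CRLF pair.
    A bare LF or bare CR survives, and many parsers treat a bare LF as a
    line terminator, so a second header line can still be injected."""
    return value.replace("\r\n", "")


def strict_header_value(value: str) -> str:
    """Reject any value containing a control character. Rejecting, rather
    than stripping, makes the bad input visible instead of silently
    rewriting it into something that merely looks safe."""
    if _FORBIDDEN.search(value):
        raise ValueError("CR/LF or control character in HTTP header value")
    return value


def build_redirect(location: str, sanitize) -> bytes:
    """Serialize a minimal 302 response whose Location header comes from
    untrusted input, after passing it through the given sanitizer."""
    loc = sanitize(location)
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {loc}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def parse_header_names(raw: bytes) -> list[str]:
    """Split the header block on CRLF *or* bare LF, as lenient parsers do,
    and return the field names found. Mirrors how a client would see the
    response, which is what matters for detecting injection."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    names = []
    for line in re.split(rb"\r?\n", head)[1:]:  # skip the status line
        if b":" in line:
            names.append(line.split(b":", 1)[0].strip().decode("latin-1"))
    return names


def injected_headers(raw: bytes, expected: set[str]) -> list[str]:
    """Detection check: every header name outside the expected set was
    injected through a header value."""
    return [n for n in parse_header_names(raw) if n not in expected]


# Headers the redirect is supposed to carry.
EXPECTED = {"Location", "Content-Length"}
# Constructed attacker-controlled input: a bare LF followed by a header line.
TAINTED = "/home\nX-Injected: 1"

if __name__ == "__main__":
    weak = build_redirect(TAINTED, incomplete_sanitize)
    print("incomplete filter, injected headers:", injected_headers(weak, EXPECTED))
    try:
        build_redirect(TAINTED, strict_header_value)
    except ValueError as err:
        print("strict validator:", err)
```

Run stand-alone, the incomplete filter lets `X-Injected` through because the input never contained the exact `\r\n` pair, while the strict validator refuses the value outright. The same `injected_headers` check can be run over captured responses from a server under test to confirm that a header-sanitization fix really covers bare CR and bare LF, not just the CRLF pair.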
Products Associated with CVE-2018-1067


Affected Versions

[UNKNOWN] undertow:

Exploit Probability

EPSS: 0.63%
Percentile: 69.94%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.