IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. IBM Rational Service Tester is affected by this vulnerability.
Jan 4, 2019 9:01 am EST
Categorized: Medium Severity
Description: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of the Chunked Transfer-Encoding chunk size. By sending a request with a specially crafted chunk-size field, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
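The following is an added illustration of the bug class the bulletin names; it is not Jetty code, not IBM's text, and does not reproduce the actual Jetty defect. It models how two HTTP parsers that disagree on the value of a chunk-size field end up disagreeing on where one request ends and the next begins, which is the condition request smuggling relies on. The "wrapping" parser is a hypothetical model (hex digits folded into a 32-bit integer with no overflow check); the request bytes are constructed for the demonstration.

```python
"""Chunk-size desynchronisation between an exact and a wrapping HTTP parser.

Added example, not Jetty code. chunk_size_wrapping is a hypothetical model of
'improper handling of the chunk size': digits accumulate into a 32-bit value.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

CRLF = b"\r\n"
MAX_CHUNK_SIZE_DIGITS = 8  # hardened front end: 8 hex digits cover 0..2**32-1

# Constructed attacker stream. The chunk-size line reads 0x100000005: exact
# arithmetic says 4 GiB + 5 bytes; a 32-bit wrap yields 5, so that parser eats
# "AAAAA", sees the terminating 0 chunk, and treats "GET /admin" as request 2.
ATTACK_STREAM = (
    b"POST /search HTTP/1.1\r\nHost: app.example\r\n"
    b"Transfer-Encoding: chunked\r\n\r\n"
    b"100000005\r\nAAAAA\r\n0\r\n\r\n"
    b"GET /admin HTTP/1.1\r\nHost: app.example\r\n\r\n"
)
# Constructed benign stream: all parsers below agree on it.
BENIGN_STREAM = (
    b"POST /search HTTP/1.1\r\nHost: app.example\r\n"
    b"Transfer-Encoding: chunked\r\n\r\n"
    b"5\r\nhello\r\n0\r\n\r\n"
)

def _size_digits(line: bytes) -> bytes:
    """chunk-size = 1*HEXDIG, optionally followed by ';' chunk-ext (RFC 7230)."""
    digits = line.split(b";", 1)[0].strip()
    if not re.fullmatch(rb"[0-9A-Fa-f]+", digits):
        raise ValueError(f"malformed chunk-size line {line!r}")
    return digits

def chunk_size_exact(line: bytes) -> int:
    """Arbitrary-precision interpretation of the chunk-size field."""
    return int(_size_digits(line), 16)

def chunk_size_wrapping(line: bytes) -> int:
    """Hypothetical defective parser: same grammar, 32-bit accumulator, no overflow check."""
    value = 0
    for d in _size_digits(line):
        value = (value * 16 + int(chr(d), 16)) & 0xFFFFFFFF
    return value

def chunk_size_hardened(line: bytes) -> int:
    """Exact parser plus a field-length cap: oversized sizes are refused at the
    front end instead of being forwarded to a backend that may wrap them."""
    if len(_size_digits(line)) > MAX_CHUNK_SIZE_DIGITS:
        raise ValueError(f"chunk-size field too long: {line!r}")
    return chunk_size_exact(line)

def dechunk(data: bytes, size_of: Callable[[bytes], int]) -> Optional[Tuple[bytes, bytes]]:
    """Decode one chunked body -> (body, leftover); None if more bytes are needed."""
    body, pos = b"", 0
    while True:
        eol = data.find(CRLF, pos)
        if eol < 0:
            return None
        size = size_of(data[pos:eol])
        pos = eol + 2
        if size == 0:  # last-chunk; this model assumes no trailers
            return (body, data[pos + 2:]) if data[pos:pos + 2] == CRLF else None
        if len(data) < pos + size + 2:
            return None  # chunk-data not fully received; still inside this request
        body += data[pos:pos + size]
        pos += size
        if data[pos:pos + 2] != CRLF:
            raise ValueError("chunk-data not followed by CRLF")
        pos += 2

def parse_requests(stream: bytes, size_of: Callable[[bytes], int]) -> List[Dict[str, object]]:
    """Split a byte stream into the requests one particular parser believes it holds."""
    requests: List[Dict[str, object]] = []
    while stream:
        head_end = stream.find(b"\r\n\r\n")
        if head_end < 0:
            requests.append({"request_line": "<incomplete head>", "body": b""})
            break
        request_line, *header_lines = stream[:head_end].decode("ascii").split("\r\n")
        headers = {k.lower(): v.strip() for k, v in (h.split(":", 1) for h in header_lines)}
        stream = stream[head_end + 4:]
        body = b""
        if headers.get("transfer-encoding", "").lower() == "chunked":
            result = dechunk(stream, size_of)
            if result is None:
                requests.append({"request_line": request_line, "body": b"<awaiting more body>"})
                break
            body, stream = result
        requests.append({"request_line": request_line, "body": body})
    return requests

def request_lines(stream: bytes, size_of: Callable[[bytes], int]) -> List[str]:
    return [str(r["request_line"]) for r in parse_requests(stream, size_of)]

def hardened_front_end_accepts(stream: bytes) -> bool:
    """True if the hardened parser would forward the stream, False if it refuses it."""
    try:
        parse_requests(stream, chunk_size_hardened)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    print("front end (exact):  ", request_lines(ATTACK_STREAM, chunk_size_exact))
    print("backend (wrapping): ", request_lines(ATTACK_STREAM, chunk_size_wrapping))
    print("hardened accepts attack:", hardened_front_end_accepts(ATTACK_STREAM))
    print("hardened accepts benign:", hardened_front_end_accepts(BENIGN_STREAM))
```

Run against the constructed stream, the exact parser is still waiting for the rest of a 4 GiB chunk and has seen one request, while the wrapping parser has finished the POST and parsed a second request for /admin that the first parser never saw as a request at all. The hardened variant refuses the attack stream before forwarding it and still accepts the benign one, which is the check a front end should make when it cannot trust the backend's chunk-size handling.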
CVE(s): CVE-2017-7657, CVE-2017-7656, CVE-2018-12536, CVE-2017-7658
Affected product(s) and affected version(s):
Rational Service Tester version 9.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10793737
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145521
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145520
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145523
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145522
from IBM Product Security Incident Response Team https://ibm.co/2Fa0YpB