IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. IBM Rational Performance Tester is affected by this vulnerability.

Jan 4, 2019 9:01 am EST

Categorized: Medium Severity

Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
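Request smuggling of this kind becomes possible when two HTTP parsers in a chain disagree about where a chunked message body ends, so the defensive property to look for is a chunk-size parser that accepts only the RFC 7230 grammar and fails closed on everything else. The following Python decoder is an added illustration for this bulletin; it is not Jetty's, IBM's or Rational Performance Tester's code, and the 16 MiB size cap, the strict rejection of whitespace around the chunk extension and the sample inputs are assumptions made for the example.

```python
"""Strict decoder for the HTTP/1.1 chunked transfer-coding (RFC 7230 section 4.1).

Added example, not Jetty code. Accepted grammar per chunk:
    chunk-size [ ";" chunk-ext ] CRLF chunk-data CRLF
with chunk-size = 1*HEXDIG, then a last chunk of size 0 followed by an optional
trailer section and an empty line. Anything else raises ValueError, so a
front-end and back-end using this decoder cannot disagree on message framing.
"""
import re
from typing import Tuple

CRLF = b"\r\n"
HEX_RE = re.compile(rb"[0-9A-Fa-f]+")
# Assumption for the example: cap chunk sizes well below any integer-width
# boundary so a huge hex value can neither wrap nor trigger a giant allocation.
MAX_CHUNK_SIZE = 1 << 24  # 16 MiB


def parse_chunk_size(line: bytes) -> int:
    """Parse one chunk-size line (CRLF already stripped).

    Strict on purpose: no leading/trailing whitespace, no sign characters,
    no "0x" prefix, no non-hex digits. A chunk extension after ";" is
    tolerated but ignored; whitespace before ";" is rejected.
    """
    size_part, _sep, _ext = line.partition(b";")
    if not HEX_RE.fullmatch(size_part):
        raise ValueError(f"malformed chunk-size: {line!r}")
    size = int(size_part, 16)
    if size > MAX_CHUNK_SIZE:
        raise ValueError(f"chunk-size {size} exceeds limit {MAX_CHUNK_SIZE}")
    return size


def decode_chunked(data: bytes) -> Tuple[bytes, bytes]:
    """Decode one chunked body. Returns (decoded_body, bytes_after_the_body)."""
    body = bytearray()
    pos = 0
    while True:
        eol = data.find(CRLF, pos)
        if eol == -1:
            raise ValueError("truncated chunk-size line")
        size = parse_chunk_size(data[pos:eol])
        pos = eol + 2
        if size == 0:
            break
        end = pos + size
        # The chunk must contain exactly `size` bytes followed by CRLF; a short
        # or over-long chunk is a framing error, not something to resynchronise.
        if data[end:end + 2] != CRLF:
            raise ValueError("chunk-data not terminated by CRLF at declared size")
        body += data[pos:end]
        pos = end + 2
    # Trailer section: zero or more "name: value" lines, then an empty line.
    while True:
        eol = data.find(CRLF, pos)
        if eol == -1:
            raise ValueError("truncated trailer section")
        line = data[pos:eol]
        pos = eol + 2
        if line == b"":
            break
        if b":" not in line:
            raise ValueError(f"malformed trailer line: {line!r}")
    return bytes(body), data[pos:]


def is_well_formed(data: bytes) -> bool:
    """True if `data` is a complete, strictly valid chunked body."""
    try:
        decode_chunked(data)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: one valid body and a few malformed variants
    # that a lenient parser might silently accept.
    good = b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"
    print(decode_chunked(good))  # (b'Wikipedia', b'')
    for bad in (b" 4\r\nWiki\r\n0\r\n\r\n",        # leading space
                b"+4\r\nWiki\r\n0\r\n\r\n",        # sign character
                b"0x4\r\nWiki\r\n0\r\n\r\n",       # prefix
                b"4\r\nWik\r\n0\r\n\r\n",          # data shorter than declared
                b"FFFFFFFFFFFFFFFFFFFF\r\n"):      # absurd size
        print(bad[:12], "->", "rejected" if not is_well_formed(bad) else "ACCEPTED")
```

The check that matters for a deployment is the negative cases: every input the decoder rejects is one on which a strict and a lenient parser would otherwise disagree, so logging `ValueError`s from this path is a cheap detection signal for probing of the kind the bulletin describes.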

CVE(s): CVE-2017-7657, CVE-2017-7656, CVE-2018-12536, CVE-2017-7658

Affected product(s) and affected version(s):

Rational Performance Tester version 9.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10793735
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145521
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145520
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145523
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145522

from IBM Product Security Incident Response Team https://ibm.co/2F6xgBY