Bug#900323: undertow: CVE-2018-1067: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)

2018-06-03 Thread Salvatore Bonaccorso
Source: undertow
Source-Version: 1.4.25-1

On Tue, May 29, 2018 at 07:15:33AM +0200, Salvatore Bonaccorso wrote:
> Source: undertow
> Version: 1.4.3-1
> Severity: important
> Tags: security upstream
> Forwarded: https://issues.jboss.org/browse/UNDERTOW-1302
>
> Hi,
>
> The following

Bug#900323: undertow: CVE-2018-1067: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)

2018-05-28 Thread Salvatore Bonaccorso
Source: undertow
Version: 1.4.3-1
Severity: important
Tags: security upstream
Forwarded: https://issues.jboss.org/browse/UNDERTOW-1302

Hi,

The following vulnerability was published for undertow, the original CVE-2016-4993 fixed via 1.4.3 upstream was incomplete. No fix available at the time of