Source: undertow
Severity: important
Tags: security


the following vulnerability was published for undertow.

There is not much information available if that incomplete fix affects
us as well. Or which this was fixed upstream. I asked for
clarification in [1], but might you contact directly as well upstream
about that?

HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed, since not
yet clear, no affected version added.


This is the maintainer address of Debian's Java team
Please use for discussions and questions.

Reply via email to