CVE-2017-7658
high-risk
Published 2018-06-26
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
Do I need to act?
~
8.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 84205aa28f11a4f31f2a3b86d1bba2cc8ab69827, d5fc0523cfa96bfebfbda19606cad384d772f04c
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Retail Xstore Payment
Xp P9000 Command View
E-Series Santricity Management
Oncommand Unified Manager For 7-Mode
References (34)
Third Party Advisory
http://www.securityfocus.com/bid/106566
Third Party Advisory
http://www.securitytracker.com/id/1041194
Third Party Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669
Third Party Advisory
https://security.netapp.com/advisory/ntap-20181014-0001/
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe...
Third Party Advisory
https://www.debian.org/security/2018/dsa-4278
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Third Party Advisory
http://www.securityfocus.com/bid/106566
Third Party Advisory
http://www.securitytracker.com/id/1041194
Third Party Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669
and 14 more references
63
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
10/34 · Low
Exposure
21/34 · High