CVE-2017-7658 Information

Description

In Eclipse Jetty Server versions 9.2.x and older 9.3.x (all non HTTP/1.x configurations) and 9.4.x (all HTTP/1.x configurations) when presented with two content-lengths headers Jetty ignored the second. When presented with a content-length and a chunked encoding header the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length but still passed on the longer body then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization the fake pipelined request would bypass that authorization.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/106566 http://www.securitytracker.com/id/1041194 https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669 https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@3Cissues.activemq.apache.org3E https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@3Csolr-user.lucene.apache.org3E https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@3Ccommits.druid.apache.org3E https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@3Cissues.bookkeeper.apache.org3E https://security.netapp.com/advisory/ntap-20181014-0001/ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us https://www.debian.org/security/2018/dsa-4278 https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8