[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-12165":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":48,"related":49,"reserved_at":9,"published_at":50,"modified_at":51,"state":52,"summary":53,"references_raw":62,"kevs":136,"epss":137,"epss_history":140,"metrics":397,"affected":416},"CVE-2017-12165","It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[],[29],"GHSA-5gg7-5wv8-4gcj",[],[32,34,36,38,40,42,44,46],{"_key":33},"DEBIAN-CVE-2017-12165",{"_key":35},"RHSA-2017:3454",{"_key":37},"RHSA-2017:3455",{"_key":39},"RHSA-2017:3458",{"_key":41},"RHSA-2018:0002",{"_key":43},"RHSA-2018:0004",{"_key":45},"RHSA-2018:0005",{"_key":47},"UBUNTU-CVE-2017-12165",[],[],"2018-07-27T15:00:00.000Z","2024-08-05T18:28:16.497Z","Modified",{"cisa_kev":54,"cisa_ransomware":54,"cisa_vendor":9,"epss_severity":55,"epss_score":56,"severity":57,"severity_score":58,"severity_version":59,"severity_source":60,"severity_vector":61,"severity_status":52},false,"low",0.01096,"high",7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[63,70,74,78,82,90,94,98,102,106,110,115,119,123,127,132],{"url":64,"sources":65,"tags":67},"https://access.redhat.com/errata/RHSA-2018:1322",[66,60],"cve.org",[68,69],"Vendor Advisory","X Refsource REDHAT",{"url":71,"sources":72,"tags":73},"https://access.redhat.com/errata/RHSA-2018:0002",[66,60],[68,69],{"url":75,"sources":76,"tags":77},"https://access.redhat.com/errata/RHSA-2017:3458",[66,60],[68,69],{"url":79,"sources":80,"tags":81},"https://access.redhat.com/errata/RHSA-2018:0004",[66,60],[68,69],{"url":83,"sources":84,"tags":86},"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165",[66,60,85],"osv_maven",[87,88,68,89],"X Refsource CONFIRM","Issue Tracking","WEB",{"url":91,"sources":92,"tags":93},"https://access.redhat.com/errata/RHSA-2017:3455",[66,60],[68,69],{"url":95,"sources":96,"tags":97},"https://access.redhat.com/errata/RHSA-2017:3456",[66,60],[68,69],{"url":99,"sources":100,"tags":101},"https://access.redhat.com/errata/RHSA-2018:0003",[66,60],[68,69],{"url":103,"sources":104,"tags":105},"https://access.redhat.com/errata/RHSA-2018:0005",[66,60],[68,69],{"url":107,"sources":108,"tags":109},"https://access.redhat.com/errata/RHSA-2017:3454",[66,60],[68,69],{"url":111,"sources":112,"tags":113},"https://nvd.nist.gov/vuln/detail/CVE-2017-12165",[85],[114],"Advisory",{"url":116,"sources":117,"tags":118},"https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f",[85],[89],{"url":120,"sources":121,"tags":122},"https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f",[85],[89],{"url":124,"sources":125,"tags":126},"https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc",[85],[89],{"url":128,"sources":129,"tags":130},"https://github.com/undertow-io/undertow",[85],[131],"PACKAGE",{"url":133,"sources":134,"tags":135},"https://issues.redhat.com/browse/UNDERTOW-1251",[85],[89],[],{"date":138,"score":56,"percentile":139},"2026-06-04",0.78343,[141,144,147,150,153,156,158,161,164,167,170,173,176,179,182,185,188,191,194,196,199,202,205,207,210,212,215,218,221,224,227,230,233,236,238,240,243,246,249,252,255,258,261,264,267,270,273,276,278,280,283,285,288,291,294,297,300,303,306,309,312,315,318,321,324,327,330,333,335,338,340,343,346,349,352,355,358,361,364,367,370,373,376,379,382,384,387,389,392,394],{"date":142,"score":56,"percentile":143},"2025-11-04",0.77287,{"date":145,"score":56,"percentile":146},"2025-11-05",0.77291,{"date":148,"score":56,"percentile":149},"2025-11-06",0.7729,{"date":151,"score":56,"percentile":152},"2025-11-07",0.77304,{"date":154,"score":56,"percentile":155},"2025-11-08",0.77309,{"date":157,"score":56,"percentile":152},"2025-11-09",{"date":159,"score":56,"percentile":160},"2025-11-10",0.77292,{"date":162,"score":56,"percentile":163},"2025-11-11",0.77293,{"date":165,"score":56,"percentile":166},"2025-11-12",0.7731,{"date":168,"score":56,"percentile":169},"2025-11-13",0.7732,{"date":171,"score":56,"percentile":172},"2025-11-14",0.77326,{"date":174,"score":56,"percentile":175},"2025-11-15",0.77322,{"date":177,"score":56,"percentile":178},"2025-11-16",0.77323,{"date":180,"score":56,"percentile":181},"2025-11-17",0.77318,{"date":183,"score":56,"percentile":184},"2025-11-18",0.76119,{"date":186,"score":56,"percentile":187},"2025-11-19",0.76125,{"date":189,"score":56,"percentile":190},"2025-11-20",0.76136,{"date":192,"score":56,"percentile":193},"2025-11-21",0.77344,{"date":195,"score":56,"percentile":193},"2025-11-22",{"date":197,"score":56,"percentile":198},"2025-11-23",0.77331,{"date":200,"score":56,"percentile":201},"2025-11-24",0.77332,{"date":203,"score":56,"percentile":204},"2025-11-25",0.77338,{"date":206,"score":56,"percentile":193},"2025-11-26",{"date":208,"score":56,"percentile":209},"2025-11-27",0.77347,{"date":211,"score":56,"percentile":204},"2025-11-28",{"date":213,"score":56,"percentile":214},"2025-11-29",0.77346,{"date":216,"score":56,"percentile":217},"2025-11-30",0.77343,{"date":219,"score":56,"percentile":220},"2025-12-01",0.77451,{"date":222,"score":56,"percentile":223},"2025-12-02",0.7746,{"date":225,"score":56,"percentile":226},"2025-12-03",0.77447,{"date":228,"score":56,"percentile":229},"2025-12-04",0.77334,{"date":231,"score":56,"percentile":232},"2025-12-05",0.77341,{"date":234,"score":56,"percentile":235},"2025-12-06",0.77345,{"date":237,"score":56,"percentile":232},"2025-12-07",{"date":239,"score":56,"percentile":209},"2025-12-08",{"date":241,"score":56,"percentile":242},"2025-12-09",0.77371,{"date":244,"score":56,"percentile":245},"2025-12-10",0.77398,{"date":247,"score":56,"percentile":248},"2025-12-11",0.77415,{"date":250,"score":56,"percentile":251},"2025-12-12",0.77436,{"date":253,"score":56,"percentile":254},"2025-12-13",0.77439,{"date":256,"score":56,"percentile":257},"2025-12-14",0.77437,{"date":259,"score":56,"percentile":260},"2025-12-15",0.77433,{"date":262,"score":56,"percentile":263},"2025-12-16",0.77444,{"date":265,"score":56,"percentile":266},"2025-12-17",0.77454,{"date":268,"score":56,"percentile":269},"2025-12-18",0.77471,{"date":271,"score":56,"percentile":272},"2025-12-19",0.77484,{"date":274,"score":56,"percentile":275},"2025-12-20",0.77476,{"date":277,"score":56,"percentile":269},"2025-12-21",{"date":279,"score":56,"percentile":269},"2025-12-22",{"date":281,"score":56,"percentile":282},"2025-12-23",0.77473,{"date":284,"score":56,"percentile":272},"2025-12-24",{"date":286,"score":56,"percentile":287},"2025-12-25",0.77501,{"date":289,"score":56,"percentile":290},"2025-12-26",0.77497,{"date":292,"score":56,"percentile":293},"2025-12-27",0.77549,{"date":295,"score":56,"percentile":296},"2025-12-28",0.77483,{"date":298,"score":56,"percentile":299},"2025-12-29",0.7748,{"date":301,"score":56,"percentile":302},"2025-12-30",0.77488,{"date":304,"score":56,"percentile":305},"2025-12-31",0.77502,{"date":307,"score":56,"percentile":308},"2026-01-01",0.77623,{"date":310,"score":56,"percentile":311},"2026-01-02",0.77625,{"date":313,"score":56,"percentile":314},"2026-01-03",0.77624,{"date":316,"score":56,"percentile":317},"2026-01-04",0.77506,{"date":319,"score":56,"percentile":320},"2026-01-05",0.77498,{"date":322,"score":56,"percentile":323},"2026-01-06",0.77508,{"date":325,"score":56,"percentile":326},"2026-01-07",0.77515,{"date":328,"score":56,"percentile":329},"2026-01-08",0.77522,{"date":331,"score":56,"percentile":332},"2026-01-09",0.77527,{"date":334,"score":56,"percentile":332},"2026-01-10",{"date":336,"score":56,"percentile":337},"2026-01-11",0.77521,{"date":339,"score":56,"percentile":323},"2026-01-12",{"date":341,"score":56,"percentile":342},"2026-01-13",0.77507,{"date":344,"score":56,"percentile":345},"2026-01-14",0.77531,{"date":347,"score":56,"percentile":348},"2026-01-15",0.77534,{"date":350,"score":56,"percentile":351},"2026-01-16",0.77543,{"date":353,"score":56,"percentile":354},"2026-01-17",0.77545,{"date":356,"score":56,"percentile":357},"2026-01-18",0.77542,{"date":359,"score":56,"percentile":360},"2026-01-19",0.77538,{"date":362,"score":56,"percentile":363},"2026-01-20",0.77533,{"date":365,"score":56,"percentile":366},"2026-01-21",0.77539,{"date":368,"score":56,"percentile":369},"2026-01-22",0.77546,{"date":371,"score":56,"percentile":372},"2026-01-23",0.77573,{"date":374,"score":56,"percentile":375},"2026-01-24",0.77585,{"date":377,"score":56,"percentile":378},"2026-01-25",0.77576,{"date":380,"score":56,"percentile":381},"2026-01-26",0.77572,{"date":383,"score":56,"percentile":372},"2026-01-27",{"date":385,"score":56,"percentile":386},"2026-01-28",0.77578,{"date":388,"score":56,"percentile":381},"2026-01-29",{"date":390,"score":56,"percentile":391},"2026-01-30",0.77577,{"date":393,"score":56,"percentile":378},"2026-01-31",{"date":395,"score":56,"percentile":396},"2026-02-01",0.77688,[398,405,414],{"source":66,"cvss_v2_0":9,"cvss_v3_0":399,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":400,"baseSeverity":401,"vectorString":402,"impactScore":403,"exploitabilityScore":404},2.6,"LOW","CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",2.3,3.1,{"source":60,"cvss_v2_0":406,"cvss_v3_0":411,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":407,"baseSeverity":9,"vectorString":408,"impactScore":409,"exploitabilityScore":410},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":58,"baseSeverity":412,"vectorString":61,"impactScore":413,"exploitabilityScore":410},"HIGH",6,{"source":85,"cvss_v2_0":9,"cvss_v3_0":415,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":58,"baseSeverity":9,"vectorString":61,"impactScore":413,"exploitabilityScore":410},[417,439,448,458],{"ecosystem":418,"name":419,"vendor":420,"product":421,"cpe_part":9,"purl_type":422,"purl_namespace":420,"purl_name":421,"source":9,"versions":423},"Maven","io.undertow:undertow-core","io.undertow","undertow-core","maven",[424,430,435],{"version":425,"is_range":426,"range_type":427,"version_start":9,"version_start_type":9,"version_end":428,"version_end_type":429,"fixed_in":9},"lt1_3_31",true,"ecosystem","1.3.31","excluding",{"version":431,"is_range":426,"range_type":427,"version_start":432,"version_start_type":433,"version_end":434,"version_end_type":429,"fixed_in":9},"gte1_4_0_lt1_4_17","1.4.0","including","1.4.17",{"version":436,"is_range":426,"range_type":427,"version_start":437,"version_start_type":433,"version_end":438,"version_end_type":429,"fixed_in":9},"gte2_0_0_Alpha1_lt2_0_0_Beta1","2.0.0.Alpha1","2.0.0.Beta1",{"ecosystem":9,"name":440,"vendor":441,"product":440,"cpe_part":442,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":443},"undertow","red hat","a",[444,445,446],{"version":434,"is_range":54,"range_type":66,"version_start":434,"version_start_type":433,"version_end":434,"version_end_type":433,"fixed_in":9},{"version":428,"is_range":54,"range_type":66,"version_start":428,"version_start_type":433,"version_end":428,"version_end_type":433,"fixed_in":9},{"version":447,"is_range":54,"range_type":66,"version_start":447,"version_start_type":433,"version_end":447,"version_end_type":433,"fixed_in":9},"2.0.0",{"ecosystem":9,"name":449,"vendor":450,"product":451,"cpe_part":442,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":452},"jboss enterprise application platform","redhat","jboss_enterprise_application_platform",[453,456],{"version":454,"is_range":54,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.0","cpe",{"version":457,"is_range":54,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.1.0",{"ecosystem":9,"name":440,"vendor":450,"product":440,"cpe_part":442,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":459},[460,463,465],{"version":461,"is_range":426,"range_type":455,"version_start":462,"version_start_type":433,"version_end":428,"version_end_type":429,"fixed_in":9},"gte1.0.0_lt1.3.31","1.0.0",{"version":464,"is_range":426,"range_type":455,"version_start":432,"version_start_type":433,"version_end":434,"version_end_type":429,"fixed_in":9},"gte1.4.0_lt1.4.17",{"version":466,"is_range":54,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.0:alpha_1"]