[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-7559":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":48,"related":49,"reserved_at":9,"published_at":50,"modified_at":51,"state":52,"summary":53,"references_raw":62,"kevs":124,"epss":125,"epss_history":128,"metrics":385,"affected":398},"CVE-2017-7559","In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[],[29],"GHSA-rj76-h87p-r3wf",[],[32,34,36,38,40,42,44,46],{"_key":33},"UBUNTU-CVE-2017-7559",{"_key":35},"DEBIAN-CVE-2017-7559",{"_key":37},"RHSA-2017:3454",{"_key":39},"RHSA-2017:3455",{"_key":41},"RHSA-2017:3458",{"_key":43},"RHSA-2018:0002",{"_key":45},"RHSA-2018:0004",{"_key":47},"RHSA-2018:0005",[],[],"2018-01-10T15:00:00.000Z","2024-09-16T19:56:46.618Z","Modified",{"cisa_kev":54,"cisa_ransomware":54,"cisa_vendor":9,"epss_severity":55,"epss_score":56,"severity":57,"severity_score":58,"severity_version":59,"severity_source":60,"severity_vector":61,"severity_status":52},false,"low",0.01128,"medium",6.1,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[63,70,78,82,86,90,94,98,102,106,110,114,119],{"url":64,"sources":65,"tags":67},"https://access.redhat.com/errata/RHSA-2018:1322",[66,60],"cve.org",[68,69],"Vendor Advisory","X Refsource REDHAT",{"url":71,"sources":72,"tags":74},"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559",[66,60,73],"osv_maven",[75,76,68,77],"X Refsource CONFIRM","Issue Tracking","WEB",{"url":79,"sources":80,"tags":81},"https://access.redhat.com/errata/RHSA-2018:0002",[66,60],[68,69],{"url":83,"sources":84,"tags":85},"https://access.redhat.com/errata/RHSA-2017:3458",[66,60],[68,69],{"url":87,"sources":88,"tags":89},"https://issues.jboss.org/browse/UNDERTOW-1251",[66,60,73],[75,76,68,77],{"url":91,"sources":92,"tags":93},"https://access.redhat.com/errata/RHSA-2018:0004",[66,60],[68,69],{"url":95,"sources":96,"tags":97},"https://access.redhat.com/errata/RHSA-2017:3455",[66,60],[68,69],{"url":99,"sources":100,"tags":101},"https://access.redhat.com/errata/RHSA-2017:3456",[66,60],[68,69],{"url":103,"sources":104,"tags":105},"https://access.redhat.com/errata/RHSA-2018:0003",[66,60],[68,69],{"url":107,"sources":108,"tags":109},"https://access.redhat.com/errata/RHSA-2018:0005",[66,60],[68,69],{"url":111,"sources":112,"tags":113},"https://access.redhat.com/errata/RHSA-2017:3454",[66,60],[68,69],{"url":115,"sources":116,"tags":117},"https://nvd.nist.gov/vuln/detail/CVE-2017-7559",[73],[118],"Advisory",{"url":120,"sources":121,"tags":122},"https://github.com/undertow-io/undertow",[73],[123],"PACKAGE",[],{"date":126,"score":56,"percentile":127},"2026-06-04",0.78644,[129,132,135,138,141,144,147,150,153,156,159,162,165,168,171,175,178,181,184,186,189,192,195,197,200,203,205,208,211,214,217,220,222,225,227,229,232,235,238,241,243,246,249,252,255,258,261,264,266,268,271,273,276,279,282,285,287,290,293,296,299,301,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,353,356,359,362,365,368,371,373,376,379,382],{"date":130,"score":56,"percentile":131},"2025-11-04",0.7761,{"date":133,"score":56,"percentile":134},"2025-11-05",0.77613,{"date":136,"score":56,"percentile":137},"2025-11-06",0.77612,{"date":139,"score":56,"percentile":140},"2025-11-07",0.77626,{"date":142,"score":56,"percentile":143},"2025-11-08",0.77631,{"date":145,"score":56,"percentile":146},"2025-11-09",0.77627,{"date":148,"score":56,"percentile":149},"2025-11-10",0.77615,{"date":151,"score":56,"percentile":152},"2025-11-11",0.77618,{"date":154,"score":56,"percentile":155},"2025-11-12",0.77636,{"date":157,"score":56,"percentile":158},"2025-11-13",0.77645,{"date":160,"score":56,"percentile":161},"2025-11-14",0.77654,{"date":163,"score":56,"percentile":164},"2025-11-15",0.7765,{"date":166,"score":56,"percentile":167},"2025-11-16",0.77652,{"date":169,"score":56,"percentile":170},"2025-11-17",0.77647,{"date":172,"score":173,"percentile":174},"2025-11-18",0.0112,0.76383,{"date":176,"score":173,"percentile":177},"2025-11-19",0.7639,{"date":179,"score":173,"percentile":180},"2025-11-20",0.76401,{"date":182,"score":56,"percentile":183},"2025-11-21",0.77672,{"date":185,"score":56,"percentile":183},"2025-11-22",{"date":187,"score":56,"percentile":188},"2025-11-23",0.77658,{"date":190,"score":56,"percentile":191},"2025-11-24",0.77657,{"date":193,"score":56,"percentile":194},"2025-11-25",0.77664,{"date":196,"score":56,"percentile":183},"2025-11-26",{"date":198,"score":56,"percentile":199},"2025-11-27",0.77675,{"date":201,"score":56,"percentile":202},"2025-11-28",0.77666,{"date":204,"score":56,"percentile":199},"2025-11-29",{"date":206,"score":56,"percentile":207},"2025-11-30",0.77671,{"date":209,"score":56,"percentile":210},"2025-12-01",0.7778,{"date":212,"score":56,"percentile":213},"2025-12-02",0.77788,{"date":215,"score":56,"percentile":216},"2025-12-03",0.77774,{"date":218,"score":56,"percentile":219},"2025-12-04",0.77662,{"date":221,"score":56,"percentile":202},"2025-12-05",{"date":223,"score":56,"percentile":224},"2025-12-06",0.7767,{"date":226,"score":56,"percentile":202},"2025-12-07",{"date":228,"score":56,"percentile":207},"2025-12-08",{"date":230,"score":56,"percentile":231},"2025-12-09",0.77693,{"date":233,"score":56,"percentile":234},"2025-12-10",0.77719,{"date":236,"score":56,"percentile":237},"2025-12-11",0.77733,{"date":239,"score":56,"percentile":240},"2025-12-12",0.77754,{"date":242,"score":56,"percentile":240},"2025-12-13",{"date":244,"score":56,"percentile":245},"2025-12-14",0.77752,{"date":247,"score":56,"percentile":248},"2025-12-15",0.77749,{"date":250,"score":56,"percentile":251},"2025-12-16",0.7776,{"date":253,"score":56,"percentile":254},"2025-12-17",0.77769,{"date":256,"score":56,"percentile":257},"2025-12-18",0.77785,{"date":259,"score":56,"percentile":260},"2025-12-19",0.77798,{"date":262,"score":56,"percentile":263},"2025-12-20",0.77792,{"date":265,"score":56,"percentile":257},"2025-12-21",{"date":267,"score":56,"percentile":257},"2025-12-22",{"date":269,"score":56,"percentile":270},"2025-12-23",0.77786,{"date":272,"score":56,"percentile":260},"2025-12-24",{"date":274,"score":56,"percentile":275},"2025-12-25",0.77817,{"date":277,"score":56,"percentile":278},"2025-12-26",0.77813,{"date":280,"score":56,"percentile":281},"2025-12-27",0.77861,{"date":283,"score":56,"percentile":284},"2025-12-28",0.77801,{"date":286,"score":56,"percentile":260},"2025-12-29",{"date":288,"score":56,"percentile":289},"2025-12-30",0.77804,{"date":291,"score":56,"percentile":292},"2025-12-31",0.77818,{"date":294,"score":56,"percentile":295},"2026-01-01",0.77938,{"date":297,"score":56,"percentile":298},"2026-01-02",0.77939,{"date":300,"score":56,"percentile":295},"2026-01-03",{"date":302,"score":56,"percentile":292},"2026-01-04",{"date":304,"score":56,"percentile":305},"2026-01-05",0.7781,{"date":307,"score":56,"percentile":308},"2026-01-06",0.7782,{"date":310,"score":56,"percentile":311},"2026-01-07",0.77826,{"date":313,"score":56,"percentile":314},"2026-01-08",0.77833,{"date":316,"score":56,"percentile":317},"2026-01-09",0.77838,{"date":319,"score":56,"percentile":320},"2026-01-10",0.77837,{"date":322,"score":56,"percentile":323},"2026-01-11",0.7783,{"date":325,"score":56,"percentile":326},"2026-01-12",0.77816,{"date":328,"score":56,"percentile":329},"2026-01-13",0.77814,{"date":331,"score":56,"percentile":332},"2026-01-14",0.77836,{"date":334,"score":56,"percentile":335},"2026-01-15",0.77839,{"date":337,"score":56,"percentile":338},"2026-01-16",0.77848,{"date":340,"score":56,"percentile":341},"2026-01-17",0.77854,{"date":343,"score":56,"percentile":344},"2026-01-18",0.77849,{"date":346,"score":56,"percentile":347},"2026-01-19",0.77847,{"date":349,"score":56,"percentile":350},"2026-01-20",0.77841,{"date":352,"score":56,"percentile":347},"2026-01-21",{"date":354,"score":56,"percentile":355},"2026-01-22",0.77853,{"date":357,"score":56,"percentile":358},"2026-01-23",0.7788,{"date":360,"score":56,"percentile":361},"2026-01-24",0.77891,{"date":363,"score":56,"percentile":364},"2026-01-25",0.77882,{"date":366,"score":56,"percentile":367},"2026-01-26",0.77877,{"date":369,"score":56,"percentile":370},"2026-01-27",0.77876,{"date":372,"score":56,"percentile":364},"2026-01-28",{"date":374,"score":56,"percentile":375},"2026-01-29",0.77878,{"date":377,"score":56,"percentile":378},"2026-01-30",0.77881,{"date":380,"score":56,"percentile":381},"2026-01-31",0.77883,{"date":383,"score":56,"percentile":384},"2026-02-01",0.77996,[386,396],{"source":60,"cvss_v2_0":387,"cvss_v3_0":392,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":388,"baseSeverity":9,"vectorString":389,"impactScore":390,"exploitabilityScore":391},5.8,"AV:N/AC:M/Au:N/C:P/I:P/A:N",4.9,8.6,{"baseScore":58,"baseSeverity":393,"vectorString":61,"impactScore":394,"exploitabilityScore":395},"MEDIUM",4.5,7.2,{"source":73,"cvss_v2_0":9,"cvss_v3_0":397,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":58,"baseSeverity":9,"vectorString":61,"impactScore":394,"exploitabilityScore":395},[399,422,433],{"ecosystem":400,"name":401,"vendor":402,"product":403,"cpe_part":9,"purl_type":404,"purl_namespace":402,"purl_name":403,"source":9,"versions":405},"Maven","io.undertow:undertow-core","io.undertow","undertow-core","maven",[406,414,418],{"version":407,"is_range":408,"range_type":409,"version_start":410,"version_start_type":411,"version_end":412,"version_end_type":413,"fixed_in":9},"gte1_4_0_lt1_4_17_Final",true,"ecosystem","1.4.0","including","1.4.17.Final","excluding",{"version":415,"is_range":408,"range_type":409,"version_start":416,"version_start_type":411,"version_end":417,"version_end_type":413,"fixed_in":9},"gte1_3_0_lt1_3_31_Final","1.3.0","1.3.31.Final",{"version":419,"is_range":408,"range_type":409,"version_start":420,"version_start_type":411,"version_end":421,"version_end_type":413,"fixed_in":9},"gte2_0_0_Alpha1_lt2_0_0_Alpha2","2.0.0.Alpha1","2.0.0.Alpha2",{"ecosystem":9,"name":423,"vendor":424,"product":423,"cpe_part":425,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":426},"undertow","red hat, inc.","a",[427,429,431],{"version":428,"is_range":54,"range_type":66,"version_start":428,"version_start_type":411,"version_end":428,"version_end_type":411,"fixed_in":9},"2.x before 2.0.0.Alpha2",{"version":430,"is_range":54,"range_type":66,"version_start":430,"version_start_type":411,"version_end":430,"version_end_type":411,"fixed_in":9},"1.4.x before 1.4.17.Final",{"version":432,"is_range":54,"range_type":66,"version_start":432,"version_start_type":411,"version_end":432,"version_end_type":411,"fixed_in":9},"1.3.x before 1.3.31.Final",{"ecosystem":9,"name":423,"vendor":434,"product":423,"cpe_part":425,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":435},"redhat",[436,440,443],{"version":437,"is_range":408,"range_type":438,"version_start":416,"version_start_type":411,"version_end":439,"version_end_type":413,"fixed_in":9},"gte1.3.0_lt1.3.31","cpe","1.3.31",{"version":441,"is_range":408,"range_type":438,"version_start":410,"version_start_type":411,"version_end":442,"version_end_type":413,"fixed_in":9},"gte1.4.0_lt1.4.17","1.4.17",{"version":444,"is_range":54,"range_type":438,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.0:alpha1"]