CVE-2017-7658 High Severity Vulnerability detected by WhiteSource

## CVE-2017-7658 - High Severity Vulnerability
<details><summary><img src='https://www.whitesourcesoftware.com/wp-content/uploads/2018/10/vulnerability_details.png' width=24 height=25> Vulnerable Libraries - jetty-server-9.1.0.v20131115.jar, jetty-http-9.1.0.v20131115.jar</summary>


<details><summary>jetty-server-9.1.0.v20131115.jar</summary>
path: 2/repository/org/eclipse/jetty/jetty-server/9.1.0.v20131115/jetty-server-9.1.0.v20131115.jar


Library home page: <a href=http://www.eclipse.org/jetty>http://www.eclipse.org/jetty</a>

Dependency Hierarchy:
 - :x: **jetty-server-9.1.0.v20131115.jar** (Vulnerable Library)
</details>
<details><summary>jetty-http-9.1.0.v20131115.jar</summary>
path: /root/.m2/repository/org/eclipse/jetty/jetty-http/9.1.0.v20131115/jetty-http-9.1.0.v20131115.jar


Library home page: <a href=http://www.eclipse.org/jetty>http://www.eclipse.org/jetty</a>

Dependency Hierarchy:
 - jetty-server-9.1.0.v20131115.jar (Root Library)
 - :x: **jetty-http-9.1.0.v20131115.jar** (Vulnerable Library)
</details>

Found in commit: <a href="https://github.com/qaseleniumtesting01/eee/commit/f396e60bf74726f66a202d308a1f2865177e4bee">f396e60bf74726f66a202d308a1f2865177e4bee</a>

</details>

<details><summary><img src='https://www.whitesourcesoftware.com/wp-content/uploads/2018/10/high_vul.png' width=24 height=25> Vulnerability Details</summary>
 
 
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Publish Date: 2018-06-26
URL: <a href=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658>CVE-2017-7658</a>

</details>

<details><summary><img src='https://www.whitesourcesoftware.com/wp-content/uploads/2018/10/cvss3.png' width=24 height=25> CVSS 3 Score Details (9.8)</summary>


Base Score Metrics:
- Exploitability Metrics:
 - Attack Vector: Network
 - Attack Complexity: Low
 - Privileges Required: None
 - User Interaction: None
 - Scope: Unchanged
- Impact Metrics:
 - Confidentiality Impact: High
 - Integrity Impact: High
 - Availability Impact: High

For more information on CVSS3 Scores, click <a href="https://www.first.org/cvss/calculator/3.0">here</a>.

</details>

<details><summary><img src='https://www.whitesourcesoftware.com/wp-content/uploads/2018/10/suggested_fix.png' width=24 height=25> Suggested Fix</summary>


Type: Upgrade version
Origin: <a href="http://www.securitytracker.com/id/1041194">http://www.securitytracker.com/id/1041194</a>

Fix Resolution: The vendor has issued a fix (9.4.11.v20180605).

9.2.25.v20180606, 9.3.24.v20180605


The vendor advisory is available at:

http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00123.html


</details>


***
Step up your Open Source Security Game with WhiteSource [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2017-7658 High Severity Vulnerability detected by WhiteSource #18

CVE-2017-7658 - High Severity Vulnerability

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2017-7658 High Severity Vulnerability detected by WhiteSource #18

Description

CVE-2017-7658 - High Severity Vulnerability

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions