CVE-2017-7658 -- jetty8, jetty9
ID: oval:org.secpod.oval:def:1901427 | Date: (C)2019-06-07 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x, and 9.4.x, when presented with two Content-Length headers, Jetty ignored the second. When presented with a Content-Length and a chunked Transfer-Encoding header, the Content-Length was ignored. If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
Platform: |
Ubuntu 16.04 |
Ubuntu 14.04 |
Ubuntu 18.04 |
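
The ambiguity described above can be refused at the intermediary before a request is forwarded. The following is an added example, not code from Jetty or from this definition: a strict check that rejects any request head carrying more than one Content-Length value or a Content-Length together with Transfer-Encoding. The function names, the strict reject policy and the sample requests are assumptions made for illustration.

```python
# Added example (not from the advisory): strict framing check for an HTTP/1.x
# request head. Function names and sample requests are constructed.

def framing_headers(head: bytes):
    """Collect every Content-Length and Transfer-Encoding value in the head."""
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]  # drop request line
    lengths, encodings = [], []
    for line in lines:
        name, sep, value = line.partition(b":")
        if not sep:
            continue
        key = name.strip().lower()
        # One header line may carry a comma-separated list; count each value.
        values = [v.strip() for v in value.split(b",")]
        if key == b"content-length":
            lengths.extend(values)
        elif key == b"transfer-encoding":
            encodings.extend(v.lower() for v in values)
    return lengths, encodings


def check_framing(head: bytes) -> str:
    """Return 'ok: ...' for unambiguous framing, 'reject: ...' otherwise."""
    lengths, encodings = framing_headers(head)
    if lengths and encodings:
        return "reject: Content-Length with Transfer-Encoding"
    if len(lengths) > 1:
        return "reject: multiple Content-Length values"
    if lengths:
        if not lengths[0].isdigit():
            return "reject: malformed Content-Length"
        return f"ok: length {int(lengths[0])}"
    if encodings:
        if encodings[-1] != b"chunked":
            return "reject: final transfer coding is not chunked"
        return "ok: chunked"
    return "ok: no body"


_HEAD = b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {  # constructed request heads
    "single_length": _HEAD + b"Content-Length: 5\r\n\r\nhello",
    "two_lengths": _HEAD + b"Content-Length: 5\r\nContent-Length: 40\r\n\r\n",
    "length_and_chunked": _HEAD + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n",
    "chunked_only": _HEAD + b"Transfer-Encoding: chunked\r\n\r\n",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(f"{name:20} {check_framing(head)}")
```

Rejecting both ambiguous cases outright means the intermediary and the back end never have to agree on which header wins.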