vulnerability

Ubuntu: (CVE-2018-1067): undertow vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	May 21, 2018	Jun 26, 2025	Jun 26, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

May 21, 2018

Added

Jun 26, 2025

Modified

Jun 26, 2025

Description

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.

Solution

no-fix-ubuntu-package

References

CVE-2018-1067
https://attackerkb.com/topics/CVE-2018-1067
URL-https://issues.jboss.org/browse/UNDERTOW-1302
URL-https://www.cve.org/CVERecord?id=CVE-2018-1067

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today