CVE-2017-7657 : In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Published 2018-06-26 16:29:00

Updated 2021-07-20 23:15:13

Source Eclipse Foundation

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2017-7657

HP » Xp P9000 Command View » Advanced Edition
Versions from including (>=) 8.4.0-00 and before (<) 8.6.2-00
cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*
Matching versions
When used together with: HP » Xp P9000 » Version: N/A
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Oracle » Retail Xstore Point Of Service » Version: 7.1
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
Matching versions
Oracle » Retail Xstore Point Of Service » Version: 15.0
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
Matching versions
Oracle » Retail Xstore Point Of Service » Version: 16.0
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
Matching versions
Oracle » Retail Xstore Point Of Service » Version: 17.0
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
Matching versions
Oracle » Rest Data Services » Version: 11.2.0.4
cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
Matching versions
Oracle » Rest Data Services » Version: 12.1.0.2
cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
Matching versions
Oracle » Rest Data Services » Version: 12.2.0.1
cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
Matching versions
Oracle » Rest Data Services » Version: 18C
cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
Matching versions
Netapp » Oncommand System Manager » Version: 3.X
cpe:2.3:a:netapp:oncommand_system_manager:3.x:*:*:*:*:*:*:*
Matching versions
Netapp » Snap Creator Framework
Versions before (<) 4.3.3
cpe:2.3:a:netapp:snap_creator_framework:*:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Unified Manager
Versions before (<) 5.2.4
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*
Matching versions
Netapp » Snapmanager » For SAP
Versions before (<) 3.4.2
cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*
Matching versions
Netapp » Snapmanager » For Oracle
Versions before (<) 3.4.2
cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*
Matching versions
Netapp » Element Software » Version: N/A
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
Matching versions
Netapp » Santricity Cloud Connector » Version: N/A
cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*
Matching versions
Netapp » Element Software Management Node » Version: N/A
cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapcenter
Versions before (<) 4.1p3
cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Os Controller
Versions from including (>=) 11.0 and up to, including, (<=) 11.50.1
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Management » Version: N/A
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Web Services » Version: N/A
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Storage Nodes » Version: N/A
cpe:2.3:a:netapp:hci_storage_nodes:-:*:*:*:*:*:*:*
Matching versions
Eclipse » Jetty
Versions from including (>=) 9.4.0 and before (<) 9.4.11
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
Matching versions
Eclipse » Jetty
Versions up to, including, (<=) 9.2.26
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
Matching versions
Eclipse » Jetty
Versions from including (>=) 9.3.0 and before (<) 9.3.24
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-7657

EPSS FAQ

4.84%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-7657

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-7657

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by: nvd@nist.gov (Primary)
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
Assigned by:
- emo@eclipse.org (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2017-7657

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

[GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpuoct2020.html

Oracle Critical Patch Update Advisory - October 2020
Patch;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8@%3Ccommits.druid.apache.org%3E

Pony Mail!

CVEs referencing this url
https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668

535668 – (CVE-2017-7657) Jetty: CVE Request: Transfer-Encoding Request Smuggling
Third Party Advisory
https://security.netapp.com/advisory/ntap-20181014-0001/

September 2018 Eclipse Jetty Vulnerabilities in NetApp Products | NetApp Product Security
Patch;Third Party Advisory

CVEs referencing this url
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Page not found | Oracle
Patch;Third Party Advisory

CVEs referencing this url
https://www.oracle.com//security-alerts/cpujul2021.html

Oracle Critical Patch Update Advisory - July 2021

CVEs referencing this url
https://www.debian.org/security/2018/dsa-4278

Debian -- Security Information -- DSA-4278-1 jetty9
Third Party Advisory

CVEs referencing this url
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us

HPESBST03953 rev.1 - HPE Command View Advanced Edition (CVAE), Multiple Vulnerabilities
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:0910

RHSA-2019:0910 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574@%3Ccommits.druid.apache.org%3E

[GitHub] [druid] kingnj opened a new issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae@%3Ccommits.druid.apache.org%3E

Pony Mail!

CVEs referencing this url
http://www.securitytracker.com/id/1041194

Jetty Multiple Flaws Let Remote Users Conduct HTTP Request Smuggling and Session Hijacking Attacks and Determine the Installation Path - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

[GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E

Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-7657

Products affected by CVE-2017-7657

Exploit prediction scoring system (EPSS) score for CVE-2017-7657

CVSS scores for CVE-2017-7657

CWE ids for CVE-2017-7657

References for CVE-2017-7657