REDHAT-BUG-2458187
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing at \r\n inside quoted strings instead of treating this as an error. POST / HTTP/1.1 Host: localhost Transfer-Encoding: chunked 1;ext="val X 0 GET /smuggled HTTP/1.1 ... Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.
Affected Software
Event History
Frequently Asked Questions
What is the severity of REDHAT-BUG-2458187?
The severity of REDHAT-BUG-2458187 is considered critical due to the potential for request smuggling attacks.
How do I fix REDHAT-BUG-2458187?
To fix REDHAT-BUG-2458187, you should upgrade to a patched version of Eclipse Jetty that addresses this vulnerability.
What systems are affected by REDHAT-BUG-2458187?
Eclipse Jetty is the affected software for REDHAT-BUG-2458187.
What type of vulnerability is REDHAT-BUG-2458187?
REDHAT-BUG-2458187 is a request smuggling vulnerability related to chunk extensions in HTTP/1.1.
Can REDHAT-BUG-2458187 be exploited remotely?
Yes, REDHAT-BUG-2458187 can be exploited remotely if the affected version of Eclipse Jetty is accessible on the network.