PT-2020-15038 · Red Hat · Undertow

Published: 2020-04-21 · Updated: 2022-05-24 · CVE-2020-1757

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

undertow versions prior to 2.0.30.SP1
undertow versions prior to 2.1.0.Final

Description

A flaw was found in the Servlet container: servletPath is normalized incorrectly because the path is truncated after a semicolon, which may lead to an incorrect application mapping and result in a security bypass.

Recommendations

For undertow versions prior to 2.0.30.SP1, update to version 2.0.30.SP1 or later.
For undertow versions prior to 2.1.0.Final, update to version 2.1.0.Final or later.

Tags: Fix · RCE · Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2020-1757
GHSA-2W73-FQQJ-C92P
RHSA-2020:2058
RHSA-2020:2059
RHSA-2020:2060
RHSA-2020:2511
RHSA-2020:2512
RHSA-2020:2513
RHSA-2024:5856

Affected Products

Undertow