CVE-2020-1757

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757 Issue Tracking Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:undertow:2.0.0:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.0.25:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.0.26:sp3:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.0.28:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.0.28:sp2:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

Information

Published : 2020-04-21 10:15

Updated : 2020-04-30 08:55


NVD link : CVE-2020-1757

Mitre link : CVE-2020-1757


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

redhat

  • undertow
  • jboss_data_grid
  • jboss_enterprise_application_platform
  • single_sign-on
  • openshift_application_runtimes
  • jboss_fuse