CVE-2020-1757

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.0.0:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.0.25:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.0.26:sp3:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.0.28:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.0.28:sp2:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-21 17:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-1757

Mitre link : CVE-2020-1757

CVE.ORG link : CVE-2020-1757


JSON object : View

Products Affected

redhat

  • jboss_data_grid
  • undertow
  • jboss_enterprise_application_platform
  • openshift_application_runtimes
  • jboss_fuse
  • single_sign-on
CWE
CWE-20

Improper Input Validation

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor