CVE-2020-1757
8.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | undertow | all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1 | affected |
| Red Hat | undertow | all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final | affected |
Weaknesses
- CWE-20: CWE-20
- CWE-200: CWE-200
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.