A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, and in all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container normalizes servletPath incorrectly by truncating the path after a semicolon, which may lead to an application mapping that results in a security bypass.
Vulnerable Product |
---|
redhat undertow 2.0.0 |
redhat undertow 2.0.25 |
redhat undertow 2.0.26 |
redhat undertow 2.0.28 |
redhat undertow |
redhat jboss data grid 7.0.0 |
redhat jboss enterprise application platform 7.0.0 |
redhat jboss fuse 6.0.0 |
redhat jboss fuse 7.0.0 |
redhat openshift application runtimes - |
redhat single sign-on 7.0 |