Red Hat JBoss EAP: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)
6
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
04/21/2020
06/04/2020
06/03/2020
04/10/2023
Description
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
Solution(s)
- red-hat-jboss-eap-upgrade-7_2_8
- red-hat-jboss-eap-upgrade-7_3_1
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center