CVE-2020-1757

2020-03-17T17:10:53
ID RH:CVE-2020-1757
Type redhatcve
Reporter redhat.com
Modified 2021-03-21T06:49:14

Description

A flaw was found in Undertow, where the servlet container normalizes the servletPath incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass.

Mitigation

The issue can be mitigated by configuring UrlPathHelper to ignore the servletPath by setting "alwaysUseFullPath".
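
One way to apply this mitigation, as an added example that is not part of the original advisory. It assumes a Spring MVC 5.x application deployed on Undertow; the class name FullPathMatchingConfig is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.util.UrlPathHelper;

// Added example: hypothetical configuration class for a Spring MVC application.
@Configuration
public class FullPathMatchingConfig implements WebMvcConfigurer {

    @Override
    public void configurePathMatch(PathMatchConfigurer configurer) {
        UrlPathHelper helper = new UrlPathHelper();

        // Default (false): for a prefix servlet mapping, handler lookup uses the
        // path within the servlet mapping, which depends on the servletPath
        // value supplied by the container.
        //
        // true: handler lookup always uses the full path within the web
        // application context, so the container's servletPath is not consulted.
        helper.setAlwaysUseFullPath(true);

        // Install the helper for all handler mappings registered by Spring MVC.
        configurer.setUrlPathHelper(helper);
    }
}
```

If the DispatcherServlet is mapped to a prefix such as "/app/*", handler patterns must include that prefix once this setting is enabled, so re-test request mappings and access rules after the change.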