undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser
It was found that the AJP connector in undertow does not use the ALLOWENCODEDSLASH option and thus allows the slash and anti-slash characters encoded in a URL. This may lead to path traversal and result in the information disclosure of arbitrary local files...