redhat jboss-data-grid CVE-2020-1757 vulnerability in Red Hat Products
Published on April 21, 2020

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, and in all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container normalizes servletPath incorrectly by truncating the path after a semicolon. This may lead to an incorrect application mapping and result in a security bypass.

NVD

Weakness Types

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2020-1757 has been classified as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2020-1757


Affected Versions

Red Hat undertow:

Exploit Probability

EPSS: 0.46%
Percentile: 64.02%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.