subject:"Bug#891928\: CVE\-2018\-1048\: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser"

Bug#891928: CVE-2018-1048: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser

2018-03-03 Thread Markus Koschany

Link to patch:

https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5



signature.asc
Description: OpenPGP digital signature

Bug#891928: CVE-2018-1048: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser

2018-03-02 Thread Markus Koschany

Source: undertow
Version: 1.4.8-1+deb9u1
Severity: grave
Tags: security
Forwarded: https://issues.jboss.org/browse/UNDERTOW-1245

It was found that the AJP connector in undertow, as shipped in Jboss
EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus
allow the the slash / anti-slash characters encoded in the url which
may lead to path traversal and result in the information disclosure of
arbitrary local files.

Upstream bug:

https://issues.jboss.org/browse/UNDERTOW-1245

This was apparently fixed in 1.4.22.

Bug#891928: CVE-2018-1048: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser

Bug#891928: CVE-2018-1048: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser

2 matches

Site Navigation

Mail list logo

Footer information