CVE-2020-1757

undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass

Severity Score

8.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.

Se encontró un fallo en todas las versiones undertow-2.x.x SP1 anteriores a undertow-2.0.30.SP1, en todas las versiones undertow-1.x.x y versiones undertow-2.x.x anteriores a undertow-2.1.0.Final, donde el contenedor de servlets causa que servletPath se normalice incorrectamente al truncar la ruta después del punto y coma, lo que puede conllevar a un mapeo de la aplicación resultando en la omisión de la seguridad.

A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-11-27 CVE Reserved
2020-04-21 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757	2020-04-30
https://access.redhat.com/security/cve/CVE-2020-1757	2024-08-26
https://bugzilla.redhat.com/show_bug.cgi?id=1752770	2024-08-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Undertow Search vendor "Redhat" for product "Undertow"				< 2.1.0 Search vendor "Redhat" for product "Undertow" and version " < 2.1.0"		-		Affected
Redhat Search vendor "Redhat"		Undertow Search vendor "Redhat" for product "Undertow"				2.0.0 Search vendor "Redhat" for product "Undertow" and version "2.0.0"		sp1		Affected
Redhat Search vendor "Redhat"		Undertow Search vendor "Redhat" for product "Undertow"				2.0.25 Search vendor "Redhat" for product "Undertow" and version "2.0.25"		sp1		Affected
Redhat Search vendor "Redhat"		Undertow Search vendor "Redhat" for product "Undertow"				2.0.26 Search vendor "Redhat" for product "Undertow" and version "2.0.26"		sp3		Affected
Redhat Search vendor "Redhat"		Undertow Search vendor "Redhat" for product "Undertow"				2.0.28 Search vendor "Redhat" for product "Undertow" and version "2.0.28"		sp1		Affected
Redhat Search vendor "Redhat"		Undertow Search vendor "Redhat" for product "Undertow"				2.0.28 Search vendor "Redhat" for product "Undertow" and version "2.0.28"		sp2		Affected
Redhat Search vendor "Redhat"		Jboss Data Grid Search vendor "Redhat" for product "Jboss Data Grid"				7.0.0 Search vendor "Redhat" for product "Jboss Data Grid" and version "7.0.0"		-		Affected
Redhat Search vendor "Redhat"		Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"				7.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.0.0"		-		Affected
Redhat Search vendor "Redhat"		Jboss Fuse Search vendor "Redhat" for product "Jboss Fuse"				6.0.0 Search vendor "Redhat" for product "Jboss Fuse" and version "6.0.0"		-		Affected
Redhat Search vendor "Redhat"		Jboss Fuse Search vendor "Redhat" for product "Jboss Fuse"				7.0.0 Search vendor "Redhat" for product "Jboss Fuse" and version "7.0.0"		-		Affected
Redhat Search vendor "Redhat"		Openshift Application Runtimes Search vendor "Redhat" for product "Openshift Application Runtimes"				-		-		Affected
Redhat Search vendor "Redhat"		Single Sign-on Search vendor "Redhat" for product "Single Sign-on"				7.0 Search vendor "Redhat" for product "Single Sign-on" and version "7.0"		-		Affected