Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.1.1.CR1, 7.1.1.GA
Affects Version/s: 7.1.0.CR3
Component/s: Undertow
Labels:
- downstream_dependency
- qe-pre-ack

Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1489846
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.z.GA
Git Pull Request:
https://github.com/jbossas/redhat-undertow/commit/ca13cee5b20a8b455fd91546f5c0ec3d12836a01

Sprint:
EAP 7.1.1

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

We receive a 400 response code if using UTF-8 characters for a request, due to this check:

https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/protocol/http/HttpRequestParser.java#L375

This was introduced in UNDERTOW-1101. We want to understand why it is necessary for the CVE/CWE regarding request smuggling, but this ticket is to at least make this check optional as it goes against the URL_ENCODING UndertowOption when set to UTF-8 (default).

clones

WFLY-9724 Undertow does not allow UTF-8 characters in URLs

Closed

duplicates

JBEAP-13393 [GSS](7.1.z) Allow special characters in HTTP request

Closed

is caused by

UNDERTOW-1185 Undertow does not allow UTF-8 characters in URLs

Resolved

is cloned by

JBEAP-13711 (7.0.z) Undertow does not allow UTF-8 characters in URLs

Resolved

is incorporated by

JBEAP-13744 [GSS](7.1.z) Upgrade undertow from 1.4.18.Final to 1.4.18.SP1

Closed

relates to

JBEAP-13751 [GSS](7.1.z) UNDERTOW-1221 - url-charset="MS949" did not work in ajp-listener

Closed

(1 relates to)

Assignee:: Stuart Douglas (Inactive)

Reporter:: Alessandro Bellina (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2017/11/04 6:22 PM

Updated:: 2024/09/02 3:21 PM

Resolved:: 2018/01/15 5:15 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates