Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-13711

(7.0.z) Undertow does not allow UTF-8 characters in URLs

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • 7.1.0.CR3
    • Undertow
    • None

      We receive a 400 response code if using UTF-8 characters for a request, due to this check:

      https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/protocol/http/HttpRequestParser.java#L375

      This was introduced in UNDERTOW-1101. We want to understand why it is necessary for the CVE/CWE regarding request smuggling, but this ticket is to at least make this check optional as it goes against the URL_ENCODING UndertowOption when set to UTF-8 (default).

            sdouglas1@redhat.com Stuart Douglas
            sdouglas1@redhat.com Stuart Douglas
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: