Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 2.0.0.Beta1, 1.4.18.SP1, 1.3.32.Final, 1.4.22.Final
Affects Version/s: 1.4.20.Final
Component/s: Core
Labels:
- downstream_dependency

We receive a 400 response code if using UTF-8 characters for a request, due to this check:

https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/protocol/http/HttpRequestParser.java#L375

This was introduced in UNDERTOW-1101. We want to understand why it is necessary for the CVE/CWE regarding request smuggling, but this ticket is to at least make this check optional as it goes against the URL_ENCODING UndertowOption when set to UTF-8 (default).

causes

WFLY-9724 Undertow does not allow UTF-8 characters in URLs

Closed

JBEAP-13710 [GSS](7.1.z) UNDERTOW-1185 - Undertow does not allow UTF-8 characters in URLs

Closed

duplicates

UNDERTOW-1256 Allow special characters in HTTP request

Resolved

relates to

WFLY-10929 Unescaped characters in URL from client does not work correctly when allowed for HTTP and HTTPS listeners

Resolved

JBEAP-15994 [GSS](7.2.z) Unescaped characters in URL from client does not work correctly when allowed for HTTP and HTTPS listeners

Closed

Assignee:: Stuart Douglas (Inactive)

Reporter:: Alessandro Bellina (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2017/09/26 2:04 PM

Updated:: 2021/10/24 5:42 AM

Resolved:: 2017/11/04 6:45 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates