Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2334

CVE-2024-6162 url-encoded request path information can be broken on ajp-listener

XMLWordPrintable

    This is a race condition issue where the URL-encoded request path information can be broken for concurrent requests on ajp-listener.

    The request path is decoded through AjpRequestParser on ajp-listener. However, the same StringBuilder instance (decodedBuffer) is passed to URLUtils.decode() for any requests in AjpRequestParser. So, the decodedBuffer can be mixed up, and the decoded request path information (relativePath and requestPath in HttpServerExchange) can be broken when the decode processing is invoked for multiple requests concurrently. In that case, the request will be processed as the wrong path information and fail with "404 Not Found" for static contents (or causing application error due to the wrong path information, etc).

          flaviarnn Flavia Rainone
          rhn-support-mmiura Masafumi Miura
          Votes:
          0 Vote for this issue
          Watchers:
          3 Start watching this issue

            Created:
            Updated:
            Resolved: