Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Minor
Fix Version/s: 2.2.30.SP1, 2.3.11.SP1, 2.3.12.Final, 2.2.31.Final
Affects Version/s: None
Component/s: None
Labels:
None

In a setup when Undertow is accessed via a proxy, and the proxy is configured to redirect to some non-root request path on the EAP server, a client can break out of the configured request path by using "/..;/" string in the request URI path.

is incorporated by

WFCORE-6709 CVE-2023-5379 CVE-2024-1459 CVE-2024-1635 Upgrade Undertow to 2.3.12.Final

Resolved

Assignee:: Tomas Hofman

Reporter:: Tomas Hofman

Contributors:: Alessio Soldano, Bartosz Baranowski, Brad Maxwell, Brian Stansberry, Carlo de Wolf, Chess Hazlett, Daniel Kreling, Darran Lofthouse, Farah Juma, Ilia Vassilev, Ingo Weiss, Lin Gao, Martin Stefanko, Martin Svehla, Michaela Osmerova, Miroslav Sochurek, Neil Wallace, Paramvir Jindal, Peter Mackay, Radovan Stancel, Stefano Maestri, Tom Jenkinson, Vladimir Dosoudil

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/01/26 5:14 PM

Updated:: 2024/04/18 9:42 PM

Resolved:: 2024/02/12 4:38 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates