8.1
CVE-2020-1757
- EPSS 0.46%
- Veröffentlicht 21.04.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:11:19
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Jboss Data Grid Version7.0.0
Redhat ≫ Jboss Enterprise Application Platform Version7.0.0
Redhat ≫ Jboss Fuse Version6.0.0
Redhat ≫ Jboss Fuse Version7.0.0
Redhat ≫ Openshift Application Runtimes Version-
Redhat ≫ Single Sign-on Version7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.634 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:P/A:N
|
| secalert@redhat.com | 8.1 | 2.8 | 5.2 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.