Undertow's url-encoded request path information can be broken on ajp-listener
High severity
GitHub Reviewed
Published
Jun 20, 2024
to the GitHub Advisory Database
•
Updated Jun 20, 2024
Package
Affected versions
< 2.3.14.Final
Patched versions
2.3.14.Final
Description
Published by the National Vulnerability Database
Jun 20, 2024
Published to the GitHub Advisory Database
Jun 20, 2024
Reviewed
Jun 20, 2024
Last updated
Jun 20, 2024
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of service.
References