Path traversal in Undertow

#VU26052 Path traversal in Undertow

Published: 2020-03-13

Vulnerability identifier: #VU26052

Vulnerability risk: High

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C]

CVE-ID: CVE-2020-1745

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Undertow
Server applications / Web servers

Vendor: Red Hat Inc.

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error in AJP connector. A remote attacker can send a specially crafted HTTP request to port 8009/tcp and read arbitrary files on the system.

Note, this vulnerability can lead to system compromise.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Undertow: 2.0.0 - 2.0.29

External links
http://access.redhat.com/errata/RHSA-2020:0812
http://access.redhat.com/security/cve/CVE-2020-1745

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

Latest bulletins with this vulnerability

Red Hat JBoss Enterprise Application Platform 7.2 update for undertow

Arbitrary file inclusion in Red Hat Undertow AJP connector