Description
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
Remediation
References
Related Vulnerabilities
WordPress Plugin CONTUS VBLOG-Video Blogging 'save.php' Arbitrary File Upload (1.0)
MySQL CVE-2024-20996 Vulnerability (CVE-2024-20996)
Oracle JRE CVE-2012-0503 Vulnerability (CVE-2012-0503)
WordPress Plugin Church Admin Arbitrary File Upload (4.4.6)
WordPress Plugin Zoho CRM Lead Magnet Cross-Site Scripting (1.6.9.1)