Bug 1489846 - [GSS](6.4.z) To allow |{} and other special unicode characters in HTTP Requests.
Summary: [GSS](6.4.z) To allow |{} and other special unicode characters in HTTP Requests.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web
Version: 6.4.17
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: CR1
: EAP 6.4.18
Assignee: jboss-set
QA Contact: Michael Cada
URL:
Whiteboard:
: 1491607 (view as bug list)
Depends On: 1399014
Blocks: 1491857 eap6418-payload 1491102
TreeView+ depends on / blocked
 
Reported: 2017-09-08 13:17 UTC by Prageetika Sharma
Modified: 2021-08-30 11:53 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-06 18:31:19 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker JBEAP-13710 0 Major Verified [GSS](7.1.z) UNDERTOW-1185 - Undertow does not allow UTF-8 characters in URLs 2019-07-02 14:42:53 UTC
Red Hat Knowledge Base (Solution) 3181201 0 None None None 2017-09-13 06:16:35 UTC

Description Prageetika Sharma 2017-09-08 13:17:45 UTC 
Description of problem:

After the fix to CVE-2016-6816, requests with umlauts or other special unicode characters in the URL receive a 400 with no option to allow them again. 
Could an option be added to allow such special characters again in URLs?

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 4 Rémy Maucherat 2017-09-14 10:38:48 UTC 
*** Bug 1491607 has been marked as a duplicate of this bug. ***
Comment 14 Jiří Bílek 2017-10-24 08:25:56 UTC 
Backslash in url is still not allowed BZ1505438

Use cases from customers is fixed.
Verified with EAP 6.4.18.CP.CR1
Comment 17 Petr Penicka 2017-12-06 18:31:19 UTC 
Released on Nov 14 2017 as part of EAP 6.4.18.
Note You need to log in before you can comment on or make changes to this bug.