Bug 1807305 (CVE-2020-1745) - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
Summary: CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-1745
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1808147 1807654 1807658
Blocks: 1806546
Reported: 2020-02-26 04:02 UTC by Kunjan Rathod
Modified: 2020-05-28 16:00 UTC (History)

Fixed In Version: Undertow 2.0.30.Final
Doc Type: If docs needed, set a value
Doc Text:
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.
Clone Of:
Environment:
Last Closed: 2020-03-12 22:32:08 UTC
Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:0812 None None None 2020-03-12 17:07:43 UTC
Red Hat Product Errata RHSA-2020:0813 None None None 2020-03-12 17:21:08 UTC
Red Hat Product Errata RHSA-2020:0952 None None None 2020-03-23 20:18:34 UTC
Red Hat Product Errata RHSA-2020:0961 None None None 2020-03-24 11:14:09 UTC
Red Hat Product Errata RHSA-2020:0962 None None None 2020-03-24 11:39:03 UTC
Red Hat Product Errata RHSA-2020:2058 None None None 2020-05-11 20:11:07 UTC
Red Hat Product Errata RHSA-2020:2059 None None None 2020-05-11 20:14:06 UTC
Red Hat Product Errata RHSA-2020:2060 None None None 2020-05-11 20:17:05 UTC
Red Hat Product Errata RHSA-2020:2061 None None None 2020-05-11 20:20:14 UTC
Red Hat Product Errata RHSA-2020:2333 None None None 2020-05-28 16:00:07 UTC

Description Kunjan Rathod 2020-02-26 04:02:50 UTC
A file read/inclusion vulnerability was found in the AJP connector in Undertow. This is enabled with a default AJP configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).

Comment 19 Doran Moppert 2020-02-28 00:05:11 UTC
Created undertow tracking bugs for this issue:

Affects: fedora-all [bug 1808147]

Comment 27 Dhananjay Arunesh 2020-03-04 09:03:46 UTC
Acknowledgments:

Name: Robert Roberson, Steve Zapantis, taktakdb4g

Comment 32 Ted (Jong Seok) Won 2020-03-10 05:04:32 UTC
Statement:

Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1938

Comment 33 Ted (Jong Seok) Won 2020-03-10 05:04:37 UTC
Mitigation:

Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251

Comment 34 errata-xmlrpc 2020-03-12 17:07:39 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2020:0812 https://access.redhat.com/errata/RHSA-2020:0812

Comment 35 errata-xmlrpc 2020-03-12 17:21:04 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6
  Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7
  Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8

Via RHSA-2020:0813 https://access.redhat.com/errata/RHSA-2020:0813

Comment 36 Product Security DevOps Team 2020-03-12 22:32:08 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1745

Comment 39 errata-xmlrpc 2020-03-23 20:18:29 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign On 7.3

Via RHSA-2020:0952 https://access.redhat.com/errata/RHSA-2020:0952

Comment 40 errata-xmlrpc 2020-03-24 11:13:59 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2020:0961 https://access.redhat.com/errata/RHSA-2020:0961

Comment 41 errata-xmlrpc 2020-03-24 11:38:55 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7
  Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6
  Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8

Via RHSA-2020:0962 https://access.redhat.com/errata/RHSA-2020:0962

Comment 47 errata-xmlrpc 2020-05-11 20:10:58 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6

Via RHSA-2020:2058 https://access.redhat.com/errata/RHSA-2020:2058

Comment 48 errata-xmlrpc 2020-05-11 20:14:02 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7

Via RHSA-2020:2059 https://access.redhat.com/errata/RHSA-2020:2059

Comment 49 errata-xmlrpc 2020-05-11 20:17:00 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8

Via RHSA-2020:2060 https://access.redhat.com/errata/RHSA-2020:2060

Comment 50 errata-xmlrpc 2020-05-11 20:20:10 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2020:2061 https://access.redhat.com/errata/RHSA-2020:2061

Comment 51 errata-xmlrpc 2020-05-28 16:00:03 UTC
This issue has been addressed in the following products:

  EAP-CD 19 Tech Preview

Via RHSA-2020:2333 https://access.redhat.com/errata/RHSA-2020:2333
