Bug 1923133 (CVE-2021-20220) - CVE-2021-20220 undertow: Possible regression in fix for CVE-2020-10687
Summary: CVE-2021-20220 undertow: Possible regression in fix for CVE-2020-10687
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-20220
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1922477
Reported: 2021-02-01 13:23 UTC by Pedro Sampaio
Modified: 2021-10-14 15:03 UTC
CC: 59 users

Fixed In Version: Undertow 2.2.0.Final, Undertow 2.1.6.Final, Undertow 2.0.34.Final
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Undertow: a regression in the fix for CVE-2020-10687. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 because invalid characters are permitted in an HTTP request. This flaw allows an attacker to poison a web cache, perform an XSS attack, or obtain sensitive information from requests other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.
Clone Of:
Environment:
Last Closed: 2021-03-16 19:20:02 UTC
Embargoed:

Links
Red Hat Product Errata RHSA-2021:0872 (last updated 2021-03-16 13:44:04 UTC)
Red Hat Product Errata RHSA-2021:0873 (last updated 2021-03-16 13:36:15 UTC)
Red Hat Product Errata RHSA-2021:0874 (last updated 2021-03-16 13:40:05 UTC)
Red Hat Product Errata RHSA-2021:0885 (last updated 2021-03-16 13:19:57 UTC)
Red Hat Product Errata RHSA-2021:0974 (last updated 2021-03-23 14:18:30 UTC)
Red Hat Product Errata RHSA-2021:2755 (last updated 2021-07-15 15:25:50 UTC)

Description Pedro Sampaio 2021-02-01 13:23:21 UTC
A regression issue reintroduced undertow's CVE-2020-10687 after undertow 2.0.30.SP4.

Comment 9 errata-xmlrpc 2021-03-16 13:19:50 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2021:0885 https://access.redhat.com/errata/RHSA-2021:0885

Comment 10 errata-xmlrpc 2021-03-16 13:36:04 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7

Via RHSA-2021:0873 https://access.redhat.com/errata/RHSA-2021:0873

Comment 11 errata-xmlrpc 2021-03-16 13:40:01 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8

Via RHSA-2021:0874 https://access.redhat.com/errata/RHSA-2021:0874

Comment 12 errata-xmlrpc 2021-03-16 13:43:55 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6

Via RHSA-2021:0872 https://access.redhat.com/errata/RHSA-2021:0872

Comment 13 Product Security DevOps Team 2021-03-16 19:20:02 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-20220

Comment 14 errata-xmlrpc 2021-03-23 14:18:26 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.4.6

Via RHSA-2021:0974 https://access.redhat.com/errata/RHSA-2021:0974

Comment 15 errata-xmlrpc 2021-06-02 14:23:46 UTC
This issue has been addressed in the following products:

  Red Hat EAP-XP via EAP 7.3.x base

Via RHSA-2021:2210 https://access.redhat.com/errata/RHSA-2021:2210

Comment 16 errata-xmlrpc 2021-07-15 15:25:48 UTC
This issue has been addressed in the following products:

  Red Hat EAP-XP 2.0.0 via EAP 7.3.x base

Via RHSA-2021:2755 https://access.redhat.com/errata/RHSA-2021:2755

Comment 17 Jonathan Christison 2021-08-10 13:36:26 UTC
Marking Red Hat Fuse 7 as not affected, as a vulnerable version of undertow is not released; this vulnerability was not present in the versions of undertow distributed with Fuse (2.2.5 and 2.0.30SP4).