VDB

CVE-2020-1757

CVE-2020-1757 PUBLISHED

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.

EPSS 0.46% · 64.7th percentile

Risk Scores

EPSS Score
0.46%
64.7th percentile

Affected Products

VendorProductVersions
Ubuntu:24.04:LTSundertow2.3.8-2, 0
Ubuntu:18.04:LTSundertow1.4.20-1, 1.4.23-1, 1.4.23-3
Ubuntu:22.04:LTSundertow2.2.14-1, 2.2.8-1, 2.2.12-1
Ubuntu:16.04:LTSundertow0, 1.3.7-1, 1.3.16-1
Ubuntu:25.10undertow2.3.18-1, 0, 2.3.18-2
Ubuntu:20.04:LTSundertow2.0.28-1, 2.0.23-1, 0

Timeline

  • Apr 21, 2020 CVE Published
  • Apr 30, 2020 CVE Updated
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›