Can anyone point me at a reference that covers if Undertow's AJP listener
is susceptible to the newly-released Ghostcat vulnerability? Most
information centers around Tomcat, but Red Hat does have this page
mentioning Undertow.
https://access.redhat.com/security/cve/CVE-2020-1745
However, even the information there seems to revolve around Undertow as
it's embedded in EAP 7 and not Undertow when embedded directly in an
application like I use it.
Is Undertow proper vulnerable? What versions? I see a generic ticket
mentioning Undertow here
https://bugzilla.redhat.com/show_bug.cgi?id=1807305
but I can't find any tickets on the Undertow JIRA ticket tracker
https://issues.redhat.com/issues/?jql=project%20%3D%20UNDERTOW%20AND%20te...
Thanks!
~Brad
*Developer Advocate*
*Ortus Solutions, Corp*
E-mail: brad(a)coldbox.org
ColdBox Platform:
http://www.coldbox.org
Blog:
http://www.codersrevolution.com