[jboss-jira] [JBoss JIRA] (WFLY-9724) [GSS](7.1.z) Undertow does not allow UTF-8 characters in URLs
Stuart Douglas (JIRA)
issues at jboss.org
Tue Jan 23 23:54:00 EST 2018
[ https://issues.jboss.org/browse/WFLY-9724?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stuart Douglas moved JBEAP-14128 to WFLY-9724:
----------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-9724 (was: JBEAP-14128)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Web (Undertow)
(was: Web (Undertow))
Affects Version/s: (was: 7.1.0.CR3)
Fix Version/s: (was: 7.1.1.GA)
> [GSS](7.1.z) Undertow does not allow UTF-8 characters in URLs
> -------------------------------------------------------------
>
> Key: WFLY-9724
> URL: https://issues.jboss.org/browse/WFLY-9724
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Reporter: Stuart Douglas
> Assignee: Stuart Douglas
> Labels: downstream_dependency, qe-pre-ack
>
> We receive a 400 response code if using UTF-8 characters for a request, due to this check:
> https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/protocol/http/HttpRequestParser.java#L375
> This was introduced in UNDERTOW-1101. We want to understand why it is necessary for the CVE/CWE regarding request smuggling, but this ticket is to at least make this check optional as it goes against the URL_ENCODING UndertowOption when set to UTF-8 (default).
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list