[undertow-dev] Undertow and Ghostcat
Brad Wood
bdw429s at gmail.com
Mon Mar 2 13:32:24 EST 2020
Can anyone point me at a reference that covers whether Undertow's AJP listener
is susceptible to the newly-released Ghostcat vulnerability? Most
information centers around Tomcat, but Red Hat does have this page
mentioning Undertow.
https://access.redhat.com/security/cve/CVE-2020-1745
However, even the information there seems to revolve around Undertow as
it's embedded in EAP 7 and not Undertow when embedded directly in an
application like I use it.
Is Undertow proper vulnerable? What versions? I see a generic ticket
mentioning Undertow here
https://bugzilla.redhat.com/show_bug.cgi?id=1807305
but I can't find any tickets on the Undertow JIRA ticket tracker
https://issues.redhat.com/issues/?jql=project%20%3D%20UNDERTOW%20AND%20text%20~%20ghostcat
Thanks!
~Brad
*Developer Advocate*
*Ortus Solutions, Corp*
E-mail: brad at coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com