CVE-2021-3688 Information

Description

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Reference

https://access.redhat.com/security/cve/CVE-2021-3688 https://bugzilla.redhat.com/show_bug.cgi?id=1990252