CVE-2019-10184

Опубликовано: 25 июл. 2019

Источник: debian

EPSS Низкий

Описание

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
undertow	fixed	2.0.23-1		package

Примечания

https://issues.jboss.org/browse/UNDERTOW-1578
https://github.com/undertow-io/undertow/pull/794

EPSS

Процентиль: 71%

0.0068

Низкий

Связанные уязвимости

CVE-2019-10184

CVSS3: 7.5

ubuntu

больше 6 лет назад

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

CVE-2019-10184

CVSS3: 5.3

redhat

больше 6 лет назад

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

CVE-2019-10184

CVSS3: 7.5

nvd

больше 6 лет назад

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

GHSA-w69w-jvc7-wjgv

CVSS3: 7.5

github

больше 6 лет назад

Undertow Missing Authorization when requesting a protected directory without trailing slash

EPSS

Процентиль: 71%

0.0068

Низкий