Описание
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.
Ссылки
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:redhat:jboss_wildfly_application_server:9.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_wildfly_application_server:9.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_wildfly_application_server:9.0.0:cr1:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00392
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
redhat
почти 11 лет назад
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.
CVSS3: 7.5
github
больше 3 лет назад
The Undertow module of WildFly allows source code disclosure
EPSS
Процентиль: 60%
0.00392
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200