exploitDog

CVE-2021-3688

Published: 26 Aug 2022
Source: nvd
CVSS3: 4.8
EPSS: Low

Description

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:redhat:jboss_core_services_httpd:*:*:*:*:*:*:*:*
Versions before 2.4.37 (excluding)
cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:-:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp2:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp3:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp4:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp5:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp6:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp7:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp8:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp9:*:*:*:*:*:*

EPSS

Percentile: 50%
0.00269
Low

4.8 Medium

CVSS3

Weaknesses

CWE-200
CWE-22

Related vulnerabilities

CVSS3: 4.8
redhat
more than 4 years ago

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

CVSS3: 9.1
github
more than 3 years ago

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
