Описание
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
It was discovered that Undertow is vulnerable to a directory traversal flaw. A remote attacker could use this flaw to read arbitrary files that are accessible to the user running the Java process.
Отчет
Not vulnerable. This issue does not affect any Red Hat product.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | all | Not affected |
Показывать по
Дополнительная информация
Статус:
5 Medium
CVSS2
Связанные уязвимости
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.1 ...
Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
5 Medium
CVSS2