Description
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
A path traversal vulnerability was discovered in Undertow's org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| JBoss Developer Studio 10 | wildfly-undertow | Out of support scope | | |
| Red Hat Fuse 7 | undertow | Affected | | |
| Red Hat JBoss Data Grid 7 | wildfly-undertow | Not affected | | |
| Red Hat JBoss Fuse 6 | undertow | Will not fix | | |
| Red Hat JBoss Fuse Integration Service 2 | undertow | Affected | | |
| Red Hat OpenShift Application Runtimes | undertow | Affected | | |
| Red Hat Single Sign-On 7 | wildfly | Not affected | | |
| Red Hat Single Sign-On 7 | wildfly-undertow | Not affected | | |
| Red Hat JBoss EAP 7.1 | | Fixed | RHSA-2018:1251 | 25.04.2018 |
| Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 | eap7-activemq-artemis | Fixed | RHSA-2018:1248 | 25.04.2018 |
Additional information
Status:
EPSS
CVSS3: 8.6 High
Related vulnerabilities
Improper Input Validation in org.wildfly:wildfly-undertow