Description
Undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the API.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 6 | jbossweb | Out of support scope | | |
| Red Hat JBoss Fuse 6 | spring-boot | Out of support scope | | |
| Red Hat JBoss Fuse 6 | undertow | Out of support scope | | |
| Red Hat OpenShift Application Runtimes | undertow | Affected | | |
| Red Hat Process Automation 7 | undertow | Not affected | | |
| Red Hat support for Spring Boot | undertow | Not affected | | |
| Red Hat Data Grid 7.3.3 | undertow | Fixed | RHSA-2020:0727 | 05.03.2020 |
| Red Hat Fuse 7.6.0 | undertow | Fixed | RHSA-2020:0983 | 26.03.2020 |
| Red Hat JBoss EAP 7.2 | | Fixed | RHSA-2019:2938 | 30.09.2019 |
| Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 | eap7-activemq-artemis | Fixed | RHSA-2019:2935 | 01.10.2019 |
Additional information
Status:
EPSS
CVSS3: 5.3 Medium
Related vulnerabilities
Undertow Missing Authorization when requesting a protected directory without trailing slash