CVE-2024-1459

Опубликовано: 18 янв. 2024

Источник: redhat

CVSS3: 5.3

Описание

A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat build of Quarkus	io.quarkus/quarkus-undertow	Not affected
Red Hat Data Grid 8	undertow	Will not fix
Red Hat Decision Manager 7	undertow	Out of support scope
Red Hat Fuse 7	undertow	Out of support scope
Red Hat JBoss Data Grid 7	undertow	Out of support scope
Red Hat JBoss Fuse 6	undertow	Out of support scope
Red Hat Process Automation 7	undertow	Out of support scope
Red Hat Single Sign-On 7	undertow	Out of support scope
Red Hat JBoss Enterprise Application Platform 7		Fixed	RHSA-2024:1677	04.04.2024
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	eap7-activemq-artemis	Fixed	RHSA-2024:1675	04.04.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-24

https://bugzilla.redhat.com/show_bug.cgi?id=2259475undertow: directory traversal vulnerability

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2024-1459

CVSS3: 5.3

ubuntu

почти 2 года назад

CVE-2024-1459

CVSS3: 5.3

nvd

почти 2 года назад

CVE-2024-1459

CVSS3: 5.3

debian

почти 2 года назад

A path traversal vulnerability was found in Undertow. This issue may a ...

GHSA-v76w-3ph8-vm66

CVSS3: 5.3

github

почти 2 года назад

Undertow Path Traversal vulnerability

5.3 Medium

CVSS3