Lucene search

[email protected]NVD:CVE-2019-10184

HistoryJul 25, 2019 - 9:15 p.m.

CVE-2019-10184

2019-07-2521:15:11

CWE-862

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.0%

JSON

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

Affected configurations

NVD

Node

redhatundertowRange<2.0.23

Node

redhatjboss_data_gridMatch-text-only

redhatjboss_enterprise_application_platformMatch-text-only

redhatjboss_enterprise_application_platformMatch7.0.0

redhatopenshift_application_runtimesMatch-text-only

redhatopenshift_application_runtimesMatch1.0

redhatsingle_sign-onMatch-text-only

redhatsingle_sign-onMatch7.0

Node

redhatenterprise_linuxMatch8.0

AND

redhatjboss_enterprise_application_platformMatch7.2

redhatjboss_enterprise_application_platformMatch7.3

redhatjboss_enterprise_application_platformMatch7.4

Node

redhatenterprise_linuxMatch7.0

AND

redhatjboss_enterprise_application_platformMatch7.2

redhatjboss_enterprise_application_platformMatch7.3

redhatjboss_enterprise_application_platformMatch7.4

Node

redhatenterprise_linuxMatch6.0

AND

redhatjboss_enterprise_application_platformMatch7.2

redhatjboss_enterprise_application_platformMatch7.3

Node

redhatenterprise_linuxMatch8.0

AND

redhatsingle_sign-onMatch7.3

Node

redhatenterprise_linuxMatch7.0

AND

redhatsingle_sign-onMatch7.3

Node

redhatenterprise_linuxMatch6.0

AND

redhatsingle_sign-onMatch7.3

Node

netappactive_iq_unified_managerMatch-linux

netappactive_iq_unified_managerMatch-vmware_vsphere

netappactive_iq_unified_managerMatch-windows

References

access.redhat.com/errata/RHSA-2019:2935

access.redhat.com/errata/RHSA-2019:2936

access.redhat.com/errata/RHSA-2019:2937

access.redhat.com/errata/RHSA-2019:2938

access.redhat.com/errata/RHSA-2019:2998

access.redhat.com/errata/RHSA-2019:3044

access.redhat.com/errata/RHSA-2019:3045

access.redhat.com/errata/RHSA-2019:3046

access.redhat.com/errata/RHSA-2019:3050

access.redhat.com/errata/RHSA-2020:0727

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184

github.com/undertow-io/undertow/pull/794

security.netapp.com/advisory/ntap-20220210-0016/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.0%

JSON

Related for NVD:CVE-2019-10184

veracode1 github1 ubuntucve1 debiancve1 redhatcve1 osv2 prion1 cvelist1 cve1 redhat11 nessus6