wildfly-undertow is vulnerable to directory traversal attacks. The application does not handle pathing properly, allowing a malicious user to pass a URL to gain access to sensitive information on the system.
CPE | Name | Operator | Version |
---|---|---|---|
wildfly: undertow | le | 11.0.0.Final | |
wildfly: undertow | le | 11.0.0.Final |
access.redhat.com/errata/RHSA-2018:1247
access.redhat.com/errata/RHSA-2018:1248
access.redhat.com/errata/RHSA-2018:1249
access.redhat.com/errata/RHSA-2018:1251
access.redhat.com/errata/RHSA-2018:2938
access.redhat.com/security/cve/CVE-2018-1047
bugzilla.redhat.com/show_bug.cgi?id=1528361
github.com/wildfly/wildfly/pull/10748
issues.jboss.org/browse/WFLY-9620