Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
References
Link | Resource |
---|---|
http://seclists.org/oss-sec/2014/q4/830 | |
https://issues.jboss.org/browse/WFLY-4020 | Vendor Advisory |
https://issues.jboss.org/browse/UNDERTOW-338 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1157478 | Vendor Advisory |
http://www.securityfocus.com/bid/71328 |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2014-12-01 07:59
Updated : 2015-03-04 08:41
NVD link : CVE-2014-7816
Mitre link : CVE-2014-7816
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
redhat
- undertow
microsoft
- windows