Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
References
Link | Resource |
---|---|
http://seclists.org/oss-sec/2014/q4/830 | |
http://www.securityfocus.com/bid/71328 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1157478 | Vendor Advisory |
https://issues.jboss.org/browse/UNDERTOW-338 | Vendor Advisory |
https://issues.jboss.org/browse/WFLY-4020 | Vendor Advisory |
http://seclists.org/oss-sec/2014/q4/830 | |
http://www.securityfocus.com/bid/71328 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1157478 | Vendor Advisory |
https://issues.jboss.org/browse/UNDERTOW-338 | Vendor Advisory |
https://issues.jboss.org/browse/WFLY-4020 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 02:18
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/oss-sec/2014/q4/830 - | |
References | () http://www.securityfocus.com/bid/71328 - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1157478 - Vendor Advisory | |
References | () https://issues.jboss.org/browse/UNDERTOW-338 - Vendor Advisory | |
References | () https://issues.jboss.org/browse/WFLY-4020 - Vendor Advisory |
Information
Published : 2014-12-01 15:59
Updated : 2024-11-21 02:18
NVD link : CVE-2014-7816
Mitre link : CVE-2014-7816
CVE.ORG link : CVE-2014-7816
JSON object : View
Products Affected
microsoft
- windows
redhat
- undertow
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')