undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2019:2935 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:2936 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:2937 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:2938 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:2998 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:3044 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:3045 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:3046 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:3050 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2020:0727 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184 | Issue Tracking Vendor Advisory |
https://github.com/undertow-io/undertow/pull/794 | Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220210-0016/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
|
History
No history.
Information
Published : 2019-07-25 21:15
Updated : 2024-02-28 17:08
NVD link : CVE-2019-10184
Mitre link : CVE-2019-10184
CVE.ORG link : CVE-2019-10184
JSON object : View
Products Affected
redhat
- jboss_enterprise_application_platform
- jboss_data_grid
- openshift_application_runtimes
- single_sign-on
- enterprise_linux
- undertow
netapp
- active_iq_unified_manager
CWE
CWE-862
Missing Authorization