CVE-2014-7816 – io.undertow:undertow-core
Package
Manager: maven
Name: io.undertow:undertow-core
Vulnerable Version: >=1.0.0 <1.0.17 || >=1.1.0.beta1 <1.1.0.cr5 || >=1.2.0.beta1 <1.2.0.beta3
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.54404 (percentile: 0.97947)
Details
Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
Metadata
Created: 2022-05-17T04:15:16Z
Modified: 2022-07-06T21:05:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h6p6-fc4w-cqhx/GHSA-h6p6-fc4w-cqhx.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-h6p6-fc4w-cqhx
Finding: F063
Auto approve: 1