CVE-2019-10184 – io.undertow:undertow-servlet
Package
Manager: maven
Name: io.undertow:undertow-servlet
Vulnerable Version: >=0 <2.0.23
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0068 (percentile: 0.70671)
Details
Undertow Missing Authorization when requesting a protected directory without trailing slash
Undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the API.
Metadata
Created: 2019-08-01T19:18:16Z
Modified: 2023-09-25T10:52:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/08/GHSA-w69w-jvc7-wjgv/GHSA-w69w-jvc7-wjgv.json
CWE IDs: ["CWE-862"]
Alternative ID: GHSA-w69w-jvc7-wjgv
Finding: F039
Auto approve: 1