Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oNnA2LWZjNHctY3FoeM4AAd18
Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
Permalink: https://github.com/advisories/GHSA-h6p6-fc4w-cqhxJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oNnA2LWZjNHctY3FoeM4AAd18
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
Identifiers: GHSA-h6p6-fc4w-cqhx, CVE-2014-7816
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-7816
- https://bugzilla.redhat.com/show_bug.cgi?id=1157478
- https://issues.jboss.org/browse/UNDERTOW-338
- https://issues.jboss.org/browse/WFLY-4020
- http://seclists.org/oss-sec/2014/q4/830
- http://www.securityfocus.com/bid/71328
- https://github.com/advisories/GHSA-h6p6-fc4w-cqhx
Affected Packages
maven:io.undertow:undertow-core
Dependent packages: 912Dependent repositories: 5,259
Downloads:
Affected Version Ranges: >= 1.2.0.Beta1, <= 1.2.0.Beta2, >= 1.1.0.Beta1, <= 1.1.0.CR4, >= 1.0.0, < 1.0.17
Fixed in: 1.2.0.Beta3, 1.1.0.CR5, 1.0.17
All affected versions:
All unaffected versions: