Severity: 5.0 MEDIUM
EPSS: 55.2% (top 1.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Dec 1
Latest update: May 17

Description

Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Source | Package                   | Versions
Maven  | io.undertow:undertow-core | introduced 1.0.0, fixed 1.0.17 (+2 more ranges)
NVD    | redhat/undertow           | 1.0.16 (+2 more)

Vulnerability Details (3)

OSV: Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow (2022-05-17)
GHSA: Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow (2022-05-17)
CVEList: CVE-2014-7816: Directory traversal vulnerability in JBoss Undertow 1 (2014-12-01)

Vendor Advisories (2)

Red Hat: Undertow: Information disclosure via directory traversal (2014-10-28)
Debian: CVE-2014-7816: undertow - Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x b... (2014)

Community (2)

Bugzilla: CVE-2014-7816 wildfly: Undertow: Information disclosure via directory traversal [fedora-all] (2014-10-31)
Bugzilla: CVE-2014-7816 Undertow: Information disclosure via directory traversal (2014-10-27)