CVE-2015-3198

CWE-200 — Information Exposure6 documents6 sources

Severity

7.5HIGH

EPSS

0.4%

top 39.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Wildfly Application Server

Timeline

PublishedJul 21

Latest updateMay 17

Description

The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶Mavenorg.wildfly:wildfly-parent8.1.0.Final — 9.0.0.CR2

▶NVDredhat/jboss_wildfly_application_server9.0.0

🔴Vulnerability Details

OSV

The Undertow module of WildFly allows source code disclosure↗2022-05-17

▶

GHSA

The Undertow module of WildFly allows source code disclosure↗2022-05-17

▶

CVEList

CVE-2015-3198: The Undertow module of WildFly 9↗2017-07-21

▶

📋Vendor Advisories

Red Hat

JBOSS: JSP source code leak when a slash added at the end of the URL↗2015-05-06

▶

💬Community

Bugzilla

CVE-2015-3198 JBOSS: JSP source code leak when a slash added at the end of the URL↗2015-05-25

▶