CVE-2016-0793
Published 2016-04-01
Priority: P2 (61) · High 7.5 (CVSS 3.0)
Vector: AV:N AC:L PR:N UI:N S:U C:H I:N A:N
Exploit available · EPSS: 15.57% (96.4th percentile)
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | jboss_wildfly_application_server | — | — |
Detection & IOCs (extracted from sources)
- Detect HTTP requests targeting WEB-INF or META-INF paths using lowercase or mixed-case variants (e.g., /web-inf/, /meta-inf/) which bypass the servlet filter blacklist on WildFly running on Windows.
- Alert on HTTP requests where the URL path case-insensitively matches /web-inf/ or /meta-inf/ but does not match the exact uppercase strings /WEB-INF or /META-INF, indicating a filter bypass attempt.
- Monitor for unauthenticated remote requests to WildFly (pre-10.0.0.Final) on Windows that access sensitive deployment descriptor files (e.g., web.xml, beans.xml) via case-mangled or extra-character-padded paths under WEB-INF or META-INF.
- This vulnerability only affects WildFly instances running on Windows operating systems; Linux/Unix deployments are not affected due to case-sensitive filesystem path handling.
- Affected versions are WildFly prior to 10.0.0.Final, specifically confirmed on 9.0.2.Final and 8.2.1.Final. Red Hat JBoss EAP and layered products are NOT affected.
- The filter bypass logic resides in the undertow servlet handler (io.undertow.servlet.handlers.ServletInitialHandler); detection rules should account for both the startsWith and equalsIgnoreCase/regionMatches code paths being independently bypassable.
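A detection sketch for the rules above, added here as an example and not part of the aggregated advisory text: it parses constructed Common Log Format lines and flags requests whose path reaches WEB-INF or META-INF through a case variant or a padded segment, while exact-case requests (the shape the filter itself matches) are classified separately. The log lines, addresses and the `classify_path`/`scan_log` names are constructed for this example.

```python
import re

# Constructed sample access-log lines (Common Log Format); not taken from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Apr/2016:10:00:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 512
10.0.0.7 - - [01/Apr/2016:10:00:01 +0000] "GET /app/WEB-INF/web.xml HTTP/1.1" 404 0
10.0.0.7 - - [01/Apr/2016:10:00:02 +0000] "GET /app/web-inf/web.xml HTTP/1.1" 200 2048
10.0.0.7 - - [01/Apr/2016:10:00:03 +0000] "GET /app/Meta-Inf/MANIFEST.MF HTTP/1.1" 200 140
10.0.0.9 - - [01/Apr/2016:10:00:04 +0000] "GET /app/static/logo.png HTTP/1.1" 200 9001
"""

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
PROTECTED = ("WEB-INF", "META-INF")


def classify_path(path):
    """Return None for an ordinary path, "blocked" when a segment is exactly WEB-INF or
    META-INF (the shape the filter's own check matches), or "bypass-variant" when a segment
    matches one of them only after upper-casing, or contains it with extra characters."""
    verdict = None
    for seg in path.split("?", 1)[0].split("/"):
        if seg in PROTECTED:
            verdict = verdict or "blocked"
        elif any(name in seg.upper() for name in PROTECTED):
            return "bypass-variant"  # any variant segment outranks an exact-case one
    return verdict


def scan_log(text):
    """Return one alert per request that reaches a protected directory via a variant path.
    A 2xx status means the file was actually served rather than merely probed."""
    alerts = []
    for line in text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        if classify_path(m["path"]) == "bypass-variant":
            alerts.append({"ip": m["ip"], "path": m["path"],
                           "served": m["status"].startswith("2")})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Percent-encoded paths are not decoded here; a production rule should normalise the URL before the segment check so encoded variants are not missed.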
CVSS provenance
- NVD v3.0: 7.5 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
- NVD v2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)
- Vendor (Red Hat): 7.5 HIGH
GHSA (2022-05-14)
CVE-2016-0793 [HIGH] CWE-200: WildFly has incomplete blacklist vulnerability
OSV (2022-05-14)
CVE-2016-0793 [HIGH]: WildFly has incomplete blacklist vulnerability
Red Hat (2016-02-11, CVSS 7.5)
CVE-2016-0793 [HIGH] CWE-184: wildfly: WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
An incomplete-blacklist flaw was found in the blacklisting of URLs in Wildfly. A remote, unauthenticated user could exploit this flaw to expose sensitive files.
Statement: Only Wildfly application servers running on Windows operating systems are affected; no versions of Red Hat JBoss EAP or layered products are affected.
No detection rules found.
References
- http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-Information-Disclosure.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1305937
- https://security.netapp.com/advisory/ntap-20180215-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03784en_us
- https://www.exploit-db.com/exploits/39573/