CVE-2018-1047

CWE-20 — Improper Input Validation CWE-22 — Path Traversal11 documents6 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 60.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED Hat, Inc. Wildfly Redhat Jboss Enterprise Application Platform Redhat Jboss Wildfly Application Server

Timeline

PublishedJan 24

Latest updateOct 19

Description

A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶Mavenorg.wildfly:wildfly-undertow< 12.0.0

▶CVEListV5red_hat,_inc./wildfly9.x

▶NVDredhat/jboss_wildfly_application_server6 versions+5

▶NVDredhat/jboss_enterprise_application_platform7.1.0

🔴Vulnerability Details

OSV

Improper Input Validation in org.wildfly:wildfly-undertow↗2018-10-19

▶

GHSA

Improper Input Validation in org.wildfly:wildfly-undertow↗2018-10-19

▶

CVEList

CVE-2018-1047: A flaw was found in Wildfly 9↗2018-01-24

▶

OSV

CVE-2018-1047: A flaw was found in Wildfly 9↗2018-01-24

▶

📋Vendor Advisories

Red Hat

undertow: Path traversal in ServletResourceManager class↗2017-12-17

▶

💬Community

Bugzilla

CVE-2018-14340 wireshark: Multiple dissectors could crash (wnpa-sec-2018-36)↗2018-07-23

▶

Bugzilla

CVE-2018-14368 wireshark: Bazaar dissector infinite loop (wnpa-sec-2018-40)↗2018-07-23

▶

Bugzilla

CVE-2018-14341 wireshark: DICOM dissector infinite loop (wnpa-sec-2018-39)↗2018-07-23

▶

Bugzilla

CVE-2018-7418 wireshark: SIGCOMP dissector crash in packet-sigcomp.c↗2018-02-26

▶

Bugzilla

CVE-2018-1047 undertow: Path traversal in ServletResourceManager class↗2017-12-21

▶