CVE-2018-1048 — Path Traversal in HAT INC Undertow AS Shipped IN Jboss EAP 7.1.0.ga
Severity
7.5HIGHNVD
EPSS
0.5%
top 33.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 24
Latest updateMay 13
Description
It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages3 packages
🔴Vulnerability Details
4📋Vendor Advisories
2💬Community
4Bugzilla▶
CVE-2018-19044 keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks↗2018-11-21
Bugzilla▶
CVE-2018-19046 keepalived: Insecure use of temporary files allows attackers read sensitive information from pre-existing files↗2018-11-21
Bugzilla▶
CVE-2018-19045 keepalived: Insecure permissions when creating new temporary files allows for leaking of sensitive data↗2018-11-21
Bugzilla▶
CVE-2018-1048 undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser↗2018-01-15