CVE-2019-10184
Published 2019-07-25
Severity: High, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the API.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | undertow | < undertow 2.0.23-1 (forky) | undertow 2.0.23-1 (forky) |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | openshift_application_runtimes | — | — |
| redhat | single_sign-on | — | — |
| redhat | single_sign-on | — | — |
| redhat | undertow | < 2.0.23 | 2.0.23 |
| redhat | undertow | >= 0 < 2.0.23-1 | 2.0.23-1 |
| undertow-io | undertow | — | — |
CVSS provenance
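| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| osv | — | 7.5 | HIGH | — |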