Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Jan 27, 2023

Package

io.undertow:undertow-core (Maven)

Affected versions

>= 1.0.0, < 1.0.17
>= 1.1.0.Beta1, <= 1.1.0.CR4
>= 1.2.0.Beta1, <= 1.2.0.Beta2

Patched versions

1.0.17
1.1.0.CR5
1.2.0.Beta3

Description

Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
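The weakness class behind this advisory (CWE-22) is a resource handler that maps a request URI onto a file path without confirming the result stays inside the intended base directory; on Windows the problem is compounded by backslashes being accepted as separators. The following is an added illustration of the containment check a static-file handler should perform. It is not Undertow's code and does not reproduce the original defect; the class name `ResourcePathGuard`, its `resolve` method and the sample root directory are constructed for this example.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Constructed example of a path-containment check; not Undertow's own code.
public final class ResourcePathGuard {
    private final Path root;

    public ResourcePathGuard(Path root) {
        // Canonicalise the base directory once so prefix checks compare like with like.
        this.root = root.toAbsolutePath().normalize();
    }

    /**
     * Maps an already URL-decoded request path onto a file under the root.
     * Returns null when the request would escape the root directory.
     */
    public Path resolve(String requestPath) {
        // Windows file APIs treat '\' as a separator, so normalise it before any checks;
        // otherwise a segment such as "..\" slips past a check that only looks for "../".
        String unified = requestPath.replace('\\', '/');

        // Strip leading slashes so Path.resolve() does not treat the input as absolute.
        while (unified.startsWith("/")) {
            unified = unified.substring(1);
        }

        // A static resource handler never needs to step up a directory: reject ".." outright.
        for (String segment : unified.split("/")) {
            if (segment.equals("..")) {
                return null;
            }
        }

        // Defence in depth: normalise the candidate and require it to remain under the root.
        Path candidate = root.resolve(unified).normalize();
        if (!candidate.startsWith(root)) {
            return null;
        }
        return candidate;
    }

    public static void main(String[] args) {
        ResourcePathGuard guard = new ResourcePathGuard(Paths.get("/srv/www/static")); // constructed root
        System.out.println(guard.resolve("css/site.css"));            // a path under the root
        System.out.println(guard.resolve("../../etc/passwd"));        // null: rejected
        System.out.println(guard.resolve("..\\..\\windows\\win.ini")); // null: backslash form also rejected
    }
}
```

The check must run after percent-decoding of the URI, since `%2e%2e` only becomes `..` at that point; running it on the raw URI would let encoded segments through. Rejecting `..` segments explicitly and then re-verifying with `startsWith(root)` on the normalised path means that a mistake in either step is still caught by the other.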

References

Published by the National Vulnerability Database Dec 1, 2014
Published to the GitHub Advisory Database May 17, 2022
Reviewed Jul 6, 2022
Last updated Jan 27, 2023

Severity

Moderate

EPSS score

4.584%
(93rd percentile)

Weaknesses

CVE ID

CVE-2014-7816

GHSA ID

GHSA-h6p6-fc4w-cqhx

Source code

No known source code