oss-sec mailing list archives
CVE-2014-7816 Undertow (on Windows): Information disclosure via directory traversal
From: Arun Babu Neelicattu <abn () redhat com>
Date: Wed, 26 Nov 2014 20:15:42 -0500 (EST)
CVE-2014-7816 was assigned to a vulnerability in JBoss Undertow [1]. This flaw was reported by Roberto Soares of Conviso Application Security.

Issue Description:
It was discovered that Undertow, when running on Microsoft Windows, is vulnerable to a directory traversal flaw. A remote attacker could use this flaw to read arbitrary files that are accessible to the user running the Java process.

Fixed Version(s):
undertow 1.0.17.Final, undertow 1.2.0.Beta3, undertow 1.1.0.CR5

Victims Record:
https://github.com/victims/victims-cve-db/blob/master/database/java/2014/7816.yaml

References:
https://issues.jboss.org/browse/UNDERTOW-338
https://issues.jboss.org/browse/WFLY-4020
https://bugzilla.redhat.com/CVE-2014-7816
https://access.redhat.com/security/cve/CVE-2014-7816

--
Arun Neelicattu / Red Hat Product Security
PGP: 0xC244393B 5229 F596 474F 00A1 E416 CF8B 36F5 5054 C244 393B