Assigner | redhat |
Reserved | 2024-02-12 |
Published | 2024-02-12 |
Updated | 2024-07-05 |
Description
A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Problem types
Product status
0:2.3.11-1.SP1_redhat_00001.1.el8eap before *
0:2.3.11-1.SP1_redhat_00001.1.el9eap before *
Timeline
2024-01-18: | Reported to Red Hat. |
2024-01-18: | Made public. |
Credits
Red Hat would like to thank AAIB IT Unix Team for reporting this issue.
References
https://access.redhat.com/errata/RHSA-2024:1677 (RHSA-2024:1677)
https://access.redhat.com/errata/RHSA-2024:2763 (RHSA-2024:2763)
https://access.redhat.com/errata/RHSA-2024:2764 (RHSA-2024:2764)
https://access.redhat.com/security/cve/CVE-2024-1459
https://bugzilla.redhat.com/show_bug.cgi?id=2259475 (RHBZ#2259475)