Potential Path Traversal Vulnerability in Undertow Could Allow Access to Privileged Files
CVE-2024-1459

5.3MEDIUM

Key Information:

Vendor
Red Hat
Status
Red Hat Jboss Enterprise Application Platform 7
Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8
Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9
Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7
Vendor
CVE Published:
12 February 2024

Summary

A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.

References

https://access.redhat.com/errata/RHSA-2024:1674
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1675
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1676
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank AAIB IT Unix Team for reporting this issue.
.