Description

A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.

Remediation

References

https://access.redhat.com/errata/RHSA-2018:1247

https://access.redhat.com/errata/RHSA-2018:1248

https://access.redhat.com/errata/RHSA-2018:1249

https://access.redhat.com/errata/RHSA-2018:1251

https://access.redhat.com/errata/RHSA-2018:2938

https://bugzilla.redhat.com/show_bug.cgi?id=1528361

https://issues.jboss.org/browse/WFLY-9620

Related Vulnerabilities

CVE-2016-8735 Vulnerability in maven package org.apache.tomcat:tomcat-catalina-jmx-remote

CVE-2015-5255 Vulnerability in maven package org.apache.flex.blazeds:flex-messaging-core

CVE-2018-19838 Vulnerability in maven package org.webjars.npm:node-sass

CVE-2023-37954 Vulnerability in maven package com.sonyericsson.hudson.plugins.rebuild:rebuild

CVE-2022-36907 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer

Severity

Medium

Classification

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory Issue Tracking Vendor Advisory NVD-CWE-noinfo