Description
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
Remediation
References
Related Vulnerabilities
WordPress Plugin Velvet Blues Update URLs Unspecified Vulnerability (2.1)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8657)
IBM WebSEAL Other Vulnerability (CVE-2023-30998)
WordPress Plugin iFrame Admin Pages 'url' Parameter Cross-Site Scripting (0.1)
Internet Information Services Other Vulnerability (CVE-1999-0450)