Description

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

Remediation

References

CVE-2019-10184

Related Vulnerabilities

WordPress Plugin Age Gate Cross-Site Scripting (2.16.3)

WordPress Plugin Polylang Cross-Site Request Forgery (2.5)

WordPress Plugin User Role by BestWebSoft Cross-Site Scripting (1.5.5)

WordPress Plugin Premium SEO Pack Security Bypass (1.9.1.3)

WordPress Plugin BuddyPress PHP Object Injection (2.0.2)

Severity

High

Classification

CVE-2019-10184 CWE-862 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities