Description

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

Remediation

References

CVE-2019-10184

Related Vulnerabilities

Oracle JRE CVE-2019-2988 Vulnerability (CVE-2019-2988)

WordPress Plugin Facebook for WordPress Cross-Site Request Forgery (3.0.3)

RubyGems Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-0899)

WordPress Plugin Flickr Justified Gallery Cross-Site Scripting (3.3.6)

WordPress Plugin DP Maintenance Mode Lite Cross-Site Scripting (1.3.2)

Severity

High

Classification

CVE-2019-10184 CWE-862 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities