Bug 1157478 (CVE-2014-7816)
Summary: | CVE-2014-7816 Undertow: Information disclosure via directory traversal | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Arun Babu Neelicattu <aneelica> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | grocha, jshepherd, security-response-team, vkaigoro |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | undertow 1.0.17.Final, undertow 1.2.0.Beta3, undertow 1.1.0.CR5 | Doc Type: | Bug Fix |
Doc Text: |
It was discovered that Undertow is vulnerable to a directory traversal flaw. A remote attacker could use this flaw to read arbitrary files that are accessible to the user running the Java process.
|
Last Closed: | 2014-10-31 09:26:59 UTC | Type: | --- |
Bug Depends On: | 1159179 | ||
Description
Arun Babu Neelicattu
2014-10-27 10:19:11 UTC
Statement:
Not vulnerable. This issue does not affect any Red Hat product.

Upstream Issue:
https://issues.jboss.org/browse/WFLY-4020
https://issues.jboss.org/browse/UNDERTOW-338

Acknowledgements:
Red Hat would like to thank Roberto Soares of Conviso Application Security for reporting this issue.

It was confirmed that this issue only affects Undertow if running on Windows platform.

Created wildfly tracking bugs for this issue:
Affects: fedora-all [bug 1159179]

Upstream fix commit:
https://github.com/undertow-io/undertow/commit/28f244e63f558ba99a197813cfd5eee461b52b4c

*** Bug 1256438 has been marked as a duplicate of this bug. ***