It was discovered that Undertow, when running on Microsoft Windows, is vulnerable to a directory traversal flaw. A remote attacker could use this flaw to read arbitrary files that are accessible to the user running the Java process.
Not vulnerable. This issue does not affect any Red Hat product.
Red Hat would like to thank Roberto Soares of Conviso Application Security for reporting this issue.
It was confirmed that this issue only affects Undertow if running on Windows platform.
Created wildfly tracking bugs for this issue:
Affects: fedora-all [bug 1159179]
Upstream fix commit:
*** Bug 1256438 has been marked as a duplicate of this bug. ***