IssueDescription: It was discovered that Undertow, when running on Microsoft Windows, is vulnerable to a directory traversal flaw. A remote attacker could use this flaw to read arbitrary files that are accessible to the user running the Java process.
Statement: Not vulnerable. This issue does not affect any Red Hat product.
Upstream Issue: https://issues.jboss.org/browse/WFLY-4020 https://issues.jboss.org/browse/UNDERTOW-338
Acknowledgements: Red Hat would like to thank Roberto Soares of Conviso Application Security for reporting this issue.
It was confirmed that this issue only affects Undertow if running on Windows platform.
Created wildfly tracking bugs for this issue: Affects: fedora-all [bug 1159179]
Upstream fix commit: https://github.com/undertow-io/undertow/commit/28f244e63f558ba99a197813cfd5eee461b52b4c
Victims Record: https://github.com/victims/victims-cve-db/blob/master/database/java/2014/7816.yaml
*** Bug 1256438 has been marked as a duplicate of this bug. ***