Bug 1224787 (CVE-2015-3198) - CVE-2015-3198 JBOSS: JSP source code leak when a slash added at the end of the URL
Summary: CVE-2015-3198 JBOSS: JSP source code leak when a slash added at the end of th...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2015-3198
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20150506,reported=2...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-05-25 17:48 UTC by Fabio Olive Leite
Modified: 2019-06-08 20:36 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-07-22 12:14:21 UTC


Attachments (Terms of Use)

Description Fabio Olive Leite 2015-05-25 17:48:17 UTC
A flaw was reported in the Undertow module of WildFly that leaks the
source code of a JSP page when a trailing slash (/) is added to the
end of its URL.

This issue did not affect any versions of Red Hat JBoss Enterprise
Application Platform because this flaw only affects the Undertow web
module; JBoss EAP uses JBoss Web.

Comment 1 Fabio Olive Leite 2015-05-25 17:53:32 UTC
References:
https://issues.jboss.org/browse/WFLY-4595

Comment 3 Timothy Walsh 2015-07-22 12:11:00 UTC
Confirmed this is not a problem for EAP 6.4.x.

Comment 4 Timothy Walsh 2015-07-22 12:14:21 UTC
Marking this as closed.  It has been fixed in WildFly 9.0.0.CR2, 10.0.0.Alpha1.


Note You need to log in before you can comment on or make changes to this bug.