Bug 1224787 (CVE-2015-3198) - CVE-2015-3198 JBOSS: JSP source code leak when a slash added at the end of the URL
Summary: CVE-2015-3198 JBOSS: JSP source code leak when a slash added at the end of th...
Alias: CVE-2015-3198
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: impact=low,public=20150506,reported=2...
Depends On:
TreeView+ depends on / blocked
Reported: 2015-05-25 17:48 UTC by Fabio Olive Leite
Modified: 2019-06-08 20:36 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-07-22 12:14:21 UTC

Attachments (Terms of Use)

Description Fabio Olive Leite 2015-05-25 17:48:17 UTC
A flaw was reported in the Undertow module of WildFly that leaks the
source code of a JSP page when a trailing slash (/) is added to the
end of its URL.

This issue did not affect any versions of Red Hat JBoss Enterprise
Application Platform because this flaw only affects the Undertow web
module; JBoss EAP uses JBoss Web.

Comment 1 Fabio Olive Leite 2015-05-25 17:53:32 UTC

Comment 3 Timothy Walsh 2015-07-22 12:11:00 UTC
Confirmed this is not a problem for EAP 6.4.x.

Comment 4 Timothy Walsh 2015-07-22 12:14:21 UTC
Marking this as closed.  It has been fixed in WildFly 9.0.0.CR2, 10.0.0.Alpha1.

Note You need to log in before you can comment on or make changes to this bug.