List: oss-security
Subject: [oss-security] CVE-2014-7816 Undertow (on Windows): Information disclosure via directory traversal
From: Arun Babu Neelicattu <abn () redhat ! com>
Date: 2014-11-27 1:15:42
Message-ID: 802517388.4086538.1417050942849.JavaMail.zimbra () redhat ! com
CVE-2014-7816 was assigned to a vulnerability in JBoss Undertow [1]. This flaw was reported by
Roberto Soares of Conviso Application Security.
Issue Description:
It was discovered that Undertow, when running on Microsoft Windows, is vulnerable to a
directory traversal flaw. A remote attacker could use this flaw to read arbitrary files that
are accessible to the user running the Java process.
Fixed Version(s):
undertow 1.0.17.Final, undertow 1.2.0.Beta3, undertow 1.1.0.CR5
Victims Record:
https://github.com/victims/victims-cve-db/blob/master/database/java/2014/7816.yaml
References:
https://issues.jboss.org/browse/UNDERTOW-338
https://issues.jboss.org/browse/WFLY-4020
https://bugzilla.redhat.com/CVE-2014-7816
https://access.redhat.com/security/cve/CVE-2014-7816
--
Arun Neelicattu / Red Hat Product Security
PGP: 0xC244393B 5229 F596 474F 00A1 E416 CF8B 36F5 5054 C244 393B
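
A version check built from the fixed releases listed in the advisory above, as an added example that is not part of the original message or any Red Hat tooling. It assumes JBoss-style qualifier ordering (Alpha < Beta < CR < Final) and that a release older than the fixed one on the same major.minor branch lacks the fix; the function names, host names and inventory are constructed for illustration.

```python
import re

# Fixed releases from the advisory, one per major.minor branch.
FIXED = ["1.0.17.Final", "1.1.0.CR5", "1.2.0.Beta3"]

# Assumption: JBoss-style qualifier ordering, Alpha < Beta < CR < Final.
RANK = {"alpha": 0, "beta": 1, "cr": 2, "final": 3}
_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(Alpha|Beta|CR|Final)(\d*)$", re.I)


def parse(version):
    """Sortable key: (major, minor, micro, qualifier rank, qualifier number)."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Undertow version: {version!r}")
    major, minor, micro, qual, num = m.groups()
    return (int(major), int(minor), int(micro), RANK[qual.lower()], int(num or 0))


FIXED_BY_BRANCH = {parse(v)[:2]: parse(v) for v in FIXED}


def status(version, os_name="Windows"):
    """Return 'fixed', 'needs-upgrade', 'not-applicable' or 'unknown'."""
    key = parse(version)  # reject malformed versions on every platform
    if not os_name.lower().startswith("win"):
        return "not-applicable"  # the advisory scopes the flaw to Windows
    fixed = FIXED_BY_BRANCH.get(key[:2])
    if fixed is None:
        return "unknown"  # branch not named in the advisory; check upstream
    return "fixed" if key >= fixed else "needs-upgrade"


def triage(inventory):
    """Map each host to its status; inventory rows are (host, version, os)."""
    return {host: status(ver, os_name) for host, ver, os_name in inventory}


# Constructed sample inventory (hypothetical hosts).
SAMPLE = [
    ("win-app01", "1.0.16.Final", "Windows Server 2012"),
    ("win-app02", "1.1.0.CR5", "Windows Server 2012"),
    ("lin-app03", "1.0.16.Final", "Linux"),
    ("win-app04", "1.3.0.Final", "Windows Server 2012"),
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(f"{host}: {result}")
```

Branches the advisory does not name are reported as "unknown" rather than guessed at.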