List:       oss-security
Subject:    [oss-security] CVE-2014-7816 Undertow (on Windows): Information disclosure via directory traversal
From:       Arun Babu Neelicattu <abn () redhat ! com>
Date:       2014-11-27 1:15:42
Message-ID: 802517388.4086538.1417050942849.JavaMail.zimbra () redhat ! com

CVE-2014-7816 was assigned to a vulnerability in JBoss Undertow [1]. This flaw was reported by Roberto Soares of Conviso Application Security.

Issue Description:

It was discovered that Undertow, when running on Microsoft Windows, is vulnerable to a directory traversal flaw. A remote attacker could use this flaw to read arbitrary files that are accessible to the user running the Java process.

Fixed Version(s):

undertow 1.0.17.Final, undertow 1.2.0.Beta3, undertow 1.1.0.CR5

Victims Record:

https://github.com/victims/victims-cve-db/blob/master/database/java/2014/7816.yaml

References:

https://issues.jboss.org/browse/UNDERTOW-338
https://issues.jboss.org/browse/WFLY-4020
https://bugzilla.redhat.com/CVE-2014-7816
https://access.redhat.com/security/cve/CVE-2014-7816

-- 
Arun Neelicattu / Red Hat Product Security
PGP: 0xC244393B 5229 F596 474F 00A1 E416  CF8B 36F5 5054 C244 393B

