CVE-2014-7816 Information

Description

Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.

Reference

http://seclists.org/oss-sec/2014/q4/830
http://www.securityfocus.com/bid/71328
https://bugzilla.redhat.com/show_bug.cgi?id=1157478
https://issues.jboss.org/browse/UNDERTOW-338
https://issues.jboss.org/browse/WFLY-4020
