CVE-2018-1048 Information

Feb 14, 2021 cve

Description

It was found that the AJP connector in undertow as shipped in Jboss EAP 7.1.0.GA does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://access.redhat.com/errata/RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0481 https://bugzilla.redhat.com/show_bug.cgi?id=1534343 It was found that the AJP connector in undertow as shipped in Jboss EAP 7.1.0.GA does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5

Share on: