Description

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

Remediation

References

https://access.redhat.com/errata/RHSA-2019:2935

https://access.redhat.com/errata/RHSA-2019:2936

https://access.redhat.com/errata/RHSA-2019:2937

https://access.redhat.com/errata/RHSA-2019:2938

https://access.redhat.com/errata/RHSA-2019:2998

https://access.redhat.com/errata/RHSA-2019:3044

https://access.redhat.com/errata/RHSA-2019:3045

https://access.redhat.com/errata/RHSA-2019:3046

https://access.redhat.com/errata/RHSA-2019:3050

https://access.redhat.com/errata/RHSA-2020:0727

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184

https://github.com/undertow-io/undertow/pull/794

https://security.netapp.com/advisory/ntap-20220210-0016/

Related Vulnerabilities

CVE-2022-25853 Vulnerability in npm package semver-tags

CVE-2023-39345 Vulnerability in npm package @strapi/strapi

CVE-2022-43434 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner

CVE-2020-2270 Vulnerability in maven package org.jenkins-ci.plugins:clearcase-release

CVE-2009-4875 Vulnerability in maven package net.fckeditor:java-core

Severity

High

Classification

CWE-862 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Issue Tracking Patch Third Party Advisory