Description

A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.

Remediation

References

CVE-2018-1047

Related Vulnerabilities

IBM RTC Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-4946)

WordPress Plugin MW WP Form Cross-Site Scripting (1.7.1)

WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)

Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9014)

WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9)

Severity

Medium

Classification

CVE-2018-1047 CWE-22 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities