Description

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

Remediation

References

CVE-2019-10184

Related Vulnerabilities

MySQL CVE-2021-2016 Vulnerability (CVE-2021-2016)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-4476)

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2694)

WordPress Plugin Frontier Post Security Bypass (1.3.2)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2048)

Severity

High

Classification

CVE-2019-10184 CWE-862 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities