Description
A file inclusion vulnerability was found in the AJP connector of Undertow when it is enabled with the default AJP configuration on port 8009. Versions 2.0.29.Final and earlier are affected; the issue was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. Where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.
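An added example, not part of the original advisory or the Undertow project: a defender-side check that flags a deployment when the Undertow version is older than 2.0.30.Final and an AJP listener is enabled. The WildFly-style XML layout (`ajp-listener`, `socket-binding`), the sample configuration and all function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (2, 0, 30)  # 2.0.30.Final, the fixed release named in the description

# Constructed sample: WildFly-style configuration embedding Undertow (assumed layout).
SAMPLE_CONFIG = """<server xmlns="urn:jboss:domain:10.0">
  <profile>
    <subsystem xmlns="urn:jboss:domain:undertow:10.0">
      <server name="default-server">
        <http-listener name="default" socket-binding="http"/>
        <ajp-listener name="ajp" socket-binding="ajp"/>
      </server>
    </subsystem>
  </profile>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="http" port="${jboss.http.port:8080}"/>
    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
  </socket-binding-group>
</server>"""

def parse_version(text):
    """'2.0.29.Final' -> (2, 0, 29); raises ValueError on anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.[A-Za-z0-9_-]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Undertow version: {text!r}")
    return tuple(int(g) for g in m.groups())

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def ajp_listeners(config_xml):
    """Return [(listener name, port expression)] for each enabled AJP listener."""
    root = ET.fromstring(config_xml)
    ports = {e.get("name"): e.get("port")
             for e in root.iter() if local(e.tag) == "socket-binding"}
    return [(e.get("name"), ports.get(e.get("socket-binding"), "unknown"))
            for e in root.iter()
            if local(e.tag) == "ajp-listener" and e.get("enabled", "true") != "false"]

def audit(version, config_xml):
    """Exposed only when the version predates the fix AND AJP is enabled."""
    affected = parse_version(version) < FIXED
    listeners = ajp_listeners(config_xml)
    return {"affected_version": affected, "ajp_listeners": listeners,
            "exposed": affected and bool(listeners)}
```

The port value is reported as written in the configuration, so a `${jboss.ajp.port:8009}` expression still has to be resolved against the running server's system properties.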
Remediation
References