CVE-2014-7816 Information disclosure via directory traversal ------------------------------------------------------------ Key: WFLY-4020 URL: https://issues.jboss.org/browse/WFLY-4020 Project: WildFly Issue Type: Bug Components: Web (Undertow) Affects Versions: 8.1.0.Final, 9.0.0.Alpha1 Reporter: Arun Neelicattu Assignee: Stuart Douglas Labels: CVE-2014-7816, component:undertow Directory traversal vulnerability allows access to arbitrary files. This can be triggered by using `dot dot` prefix to requested resource URI. Refer to [CVE-2014-7816|https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7816] for more information. Undertow issue is at UNDERTOW-338. Note that at the time of filing this is under embargo until instructed by the original reporter.