]
Stuart Douglas resolved WFLY-4020.
----------------------------------
Fix Version/s: 8.2.0.CR1
9.0.0.Beta1
Resolution: Done
CVE-2014-7816 Information disclosure via directory traversal
------------------------------------------------------------
Key: WFLY-4020
URL:
https://issues.jboss.org/browse/WFLY-4020
Project: WildFly
Issue Type: Bug
Components: Web (Undertow)
Affects Versions: 8.1.0.Final, 9.0.0.Alpha1
Reporter: Arun Neelicattu
Assignee: Stuart Douglas
Labels: CVE-2014-7816, component:undertow
Fix For: 8.2.0.CR1, 9.0.0.Beta1
Directory traversal vulnerability allows access to arbitrary files. This can be triggered
by using `dot dot` prefix to requested resource URI.
Refer to [
CVE-2014-7816|https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7816] for
more information.
Undertow issue is at UNDERTOW-338.
Note that at the time of filing this is under embargo until instructed by the original
reporter.