[jboss-jira] [JBoss JIRA] (WFLY-4020) CVE-2014-7816 Information disclosure via directory traversal
Stuart Douglas (JIRA)
issues at jboss.org
Mon Nov 3 21:25:44 EST 2014
[ https://issues.jboss.org/browse/WFLY-4020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stuart Douglas resolved WFLY-4020.
----------------------------------
Fix Version/s: 8.2.0.CR1, 9.0.0.Beta1
Resolution: Done
> CVE-2014-7816 Information disclosure via directory traversal
> ------------------------------------------------------------
>
> Key: WFLY-4020
> URL: https://issues.jboss.org/browse/WFLY-4020
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 8.1.0.Final, 9.0.0.Alpha1
> Reporter: Arun Neelicattu
> Assignee: Stuart Douglas
> Labels: CVE-2014-7816, component:undertow
> Fix For: 8.2.0.CR1, 9.0.0.Beta1
>
>
> A directory traversal vulnerability allows access to arbitrary files. This can be triggered by using a `dot dot` prefix to the requested resource URI.
> Refer to [CVE-2014-7816|https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7816] for more information.
> The Undertow issue is at UNDERTOW-338.
> Note that at the time of filing this is under embargo until instructed by the original reporter.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)