[jboss-jira] [JBoss JIRA] (WFLY-4020) CVE-2014-7816 Information disclosure via directory traversal
Arun Neelicattu (JIRA)
issues at jboss.org
Fri Oct 31 02:26:35 EDT 2014
[ https://issues.jboss.org/browse/WFLY-4020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arun Neelicattu updated WFLY-4020:
----------------------------------
Security: (was: Red Hat Internal)
> CVE-2014-7816 Information disclosure via directory traversal
> ------------------------------------------------------------
>
> Key: WFLY-4020
> URL: https://issues.jboss.org/browse/WFLY-4020
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 8.1.0.Final, 9.0.0.Alpha1
> Reporter: Arun Neelicattu
> Assignee: Stuart Douglas
> Labels: CVE-2014-7816, component:undertow
>
> Directory traversal vulnerability allows access to arbitrary files. This can be triggered by using `dot dot` prefix to requested resource URI.
> Refer to [CVE-2014-7816|https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7816] for more information.
> Undertow issue is at UNDERTOW-338.
> Note that at the time of filing this is under embargo until instructed by the original reporter.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
More information about the jboss-jira
mailing list