CVE-2018-1047
MEDIUM5.5EPSS 0.18%Improper Input Validation in org.wildfly:wildfly-undertow
Published: 10/19/2018Modified: 11/8/2023
Description
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
Affected packages (1)
- Maven/org.wildfly:wildfly-undertowfrom 0, < 12.0.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (10)
- ADVISORYhttps://github.com/advisories/GHSA-fmr4-w67p-vh8x
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1047
- WEBhttps://access.redhat.com/errata/RHSA-2018:1247
- WEBhttps://access.redhat.com/errata/RHSA-2018:1248
- WEBhttps://access.redhat.com/errata/RHSA-2018:1249
- WEBhttps://access.redhat.com/errata/RHSA-2018:1251
- WEBhttps://access.redhat.com/errata/RHSA-2018:2938
- WEBhttps://access.redhat.com/security/cve/CVE-2018-1047
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1528361
- WEBhttps://issues.jboss.org/browse/WFLY-9620