CVE-2019-10184
HIGH 7.5 | EPSS 1.5%
Undertow Missing Authorization when requesting a protected directory without trailing slash
Published: 8/1/2019
Modified: 4/28/2026
Description
Undertow before version 2.0.23.Final is vulnerable to an information leak. Web apps may have their directory structures predicted through requests without trailing slashes via the API.
Affected packages (2)
- Debian/undertow: from 0, < 2.0.23-1
- Maven/io.undertow:undertow-servlet: from 0, < 2.0.23
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (17)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2019-10184
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2019-10184
- WEB: https://access.redhat.com/errata/RHSA-2019:2935
- WEB: https://access.redhat.com/errata/RHSA-2019:2936
- WEB: https://access.redhat.com/errata/RHSA-2019:2937
- WEB: https://access.redhat.com/errata/RHSA-2019:2938
- WEB: https://access.redhat.com/errata/RHSA-2019:2998
- WEB: https://access.redhat.com/errata/RHSA-2019:3044
- WEB: https://access.redhat.com/errata/RHSA-2019:3045
- WEB: https://access.redhat.com/errata/RHSA-2019:3046
- WEB: https://access.redhat.com/errata/RHSA-2019:3050
- WEB: https://access.redhat.com/errata/RHSA-2020:0727
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184
- WEB: https://github.com/undertow-io/undertow/commit/5fa7ac68c0e4251c93056d9982db5e794e04ebfa
- WEB: https://github.com/undertow-io/undertow/pull/794
- WEB: https://issues.redhat.com/browse/UNDERTOW-1578
- WEB: https://security.netapp.com/advisory/ntap-20220210-0016