CVE-2024-1459
MEDIUM 5.3 | EPSS 10.1%
Undertow Path Traversal vulnerability
Published: 2/12/2024 | Modified: 4/28/2026
Description
A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.
Affected packages (2)
- Debian/undertow from 0, < 2.3.18-1
- Maven/io.undertow:undertow-core from 0, < 2.2.31.Final
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (15)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-1459
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2024-1459
- WEB https://access.redhat.com/errata/RHSA-2024:1674
- WEB https://access.redhat.com/errata/RHSA-2024:1675
- WEB https://access.redhat.com/errata/RHSA-2024:1676
- WEB https://access.redhat.com/errata/RHSA-2024:1677
- WEB https://access.redhat.com/errata/RHSA-2024:2763
- WEB https://access.redhat.com/errata/RHSA-2024:2764
- WEB https://access.redhat.com/security/cve/CVE-2024-1459
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=2259475
- WEB https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c
- WEB https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a
- WEB https://github.com/undertow-io/undertow/pull/1556
- WEB https://issues.redhat.com/browse/UNDERTOW-2339
- WEB https://security.netapp.com/advisory/ntap-20241122-0008