CVE-2018-1047
MEDIUM 5.5 | EPSS 0.18% | Improper Input Validation in org.wildfly:wildfly-undertow
Published: 2018/10/19 | Modified: 2023/11/8
Description
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
Affected packages (1)
- Maven/org.wildfly:wildfly-undertow: from 0, < 12.0.0
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (10)
- ADVISORY: https://github.com/advisories/GHSA-fmr4-w67p-vh8x
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2018-1047
- WEB: https://access.redhat.com/errata/RHSA-2018:1247
- WEB: https://access.redhat.com/errata/RHSA-2018:1248
- WEB: https://access.redhat.com/errata/RHSA-2018:1249
- WEB: https://access.redhat.com/errata/RHSA-2018:1251
- WEB: https://access.redhat.com/errata/RHSA-2018:2938
- WEB: https://access.redhat.com/security/cve/CVE-2018-1047
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=1528361
- WEB: https://issues.jboss.org/browse/WFLY-9620