CVE-2018-1047

State: PUBLISHED · Published: 2018-01-24 · Updated: 2024-08-05 · Assigner: redhat

Description

A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.

CWE

CWE-20 — CWE-20->CWE-22

Affected

Red Hat, Inc. / Wildfly — v=9.x [affected]

CVSS

(none)

References

https://access.redhat.com/errata/RHSA-2018:1248 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1251 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2938 vendor-advisory, x_refsource_REDHAT
https://issues.jboss.org/browse/WFLY-9620 x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1247 vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1528361 x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1249 vendor-advisory, x_refsource_REDHAT

Source

cvelistV5-main/cves/2018/1xxx/CVE-2018-1047.json