filedir' vulnerability in Redhat Undertow

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

redhat

CWE-24

NVD

Published: 2024-02-12

Updated: 2024-05-15

Summary

A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Undertow -	1

Common Weakness Enumeration (CWE)

CWE-24 - Path Traversal: '../filedir'

References

https://access.redhat.com/security/cve/CVE-2024-1459
https://bugzilla.redhat.com/show_bug.cgi?id=2259475
https://access.redhat.com/errata/RHSA-2024:2763
https://access.redhat.com/errata/RHSA-2024:2764
https://access.redhat.com/errata/RHSA-2024:1677