CVE-2018-1047 – undertow: Path traversal in ServletResourceManager class
https://notcve.org/view.php?id=CVE-2018-1047
24 Jan 2018 — A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
References: https://access.redhat.com/errata/RHSA-2018:1247
Weaknesses: CWE-20: Improper Input Validation; CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
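As an added illustration of the CWE-22 class behind this entry (example code written for this page, not Wildfly or Undertow code, and not a reproduction of the getResource defect), the block below contrasts a resource loader that joins the request path onto the document root with one that canonicalises the result and refuses anything that lands outside the root. The `resolve_naive` and `resolve_safe` helpers are hypothetical, and the deployment tree they are probed against is constructed in a temporary directory.

```python
"""Added example for the CWE-22 pattern behind CVE-2018-1047.
Not Wildfly/Undertow code: resolve_naive/resolve_safe are hypothetical
resource-loader helpers, and the file tree is constructed in a temp dir."""
from pathlib import Path
from typing import Dict, Optional, Tuple
from urllib.parse import unquote
import tempfile


def resolve_naive(docroot: Path, requested: str) -> Path:
    """Vulnerable pattern: decode the request path and join it onto the
    document root, trusting that the result still points inside the root."""
    return docroot / unquote(requested).lstrip("/")


def resolve_safe(docroot: Path, requested: str) -> Optional[Path]:
    """Hardened pattern: decode once, canonicalise (collapses '..' and
    follows symlinks), then require the result to lie beneath the root."""
    root = docroot.resolve()
    candidate = (root / unquote(requested).lstrip("/")).resolve()
    try:
        candidate.relative_to(root)   # raises ValueError if outside root
    except ValueError:
        return None                   # escaped the document root: refuse
    return candidate


def demo() -> Dict[str, Tuple[bool, Optional[str]]]:
    """Build a constructed deployment tree and probe both resolvers.
    Returns, per request path: (did the naive resolver reach a file outside
    the root?, file name returned by the safe resolver, or None if refused)."""
    base = Path(tempfile.mkdtemp())
    docroot = base / "deployment"
    docroot.mkdir()
    (docroot / "index.html").write_text("<html>constructed page</html>")
    # Constructed file that sits one level above the deployment root.
    (base / "outside.txt").write_text("constructed file outside the root")

    root = docroot.resolve()
    results: Dict[str, Tuple[bool, Optional[str]]] = {}
    for req in ("index.html", "/index.html",
                "../outside.txt", "%2e%2e/outside.txt"):
        naive = resolve_naive(docroot, req)
        escaped = naive.exists() and root not in naive.resolve().parents
        safe = resolve_safe(docroot, req)
        results[req] = (escaped, None if safe is None else safe.name)
    return results


if __name__ == "__main__":
    for req, (escaped, safe_name) in demo().items():
        print(f"{req!r:24} naive escapes root: {escaped!s:5} safe -> {safe_name}")
```

The naive join serves `../outside.txt` (and its percent-encoded form, since the container decodes the path before it reaches the loader) from above the root; the hardened version returns the same in-root file for both spellings of `index.html` and refuses both traversal attempts. Checking after `resolve()` matters: a prefix test on the un-canonicalised string would pass `deployment/../outside.txt`.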
CVE-2016-9589 – wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage
https://notcve.org/view.php?id=CVE-2016-9589
23 Mar 2017 — Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.
References: http://rhn.redhat.com/errata/RHSA-2017-0830.html
Weaknesses: CWE-400: Uncontrolled Resource Consumption