CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1048 – undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser
https://notcve.org/view.php?id=CVE-2018-1048
It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files. Se ha descubierto que el conector AJP en undertow, tal y como se incluye en Jboss EAP 7.1.0.GA, no emplea la opción ALLOW_ENCODED_SLASH y, por lo tanto, permite que los caracteres barra diagonal / barra diagonal invertida se cifren en la url, lo que podría conducir a un salto de directorio y resulta en la revelación de información de archivos locales arbitrarios. It was found that the AJP connector in undertow does not use the ALLOW_ENCODED_SLASH option and thus allows the slash and anti-slash characters encoded in a URL. This may lead to path traversal and result in the information disclosure of arbitrary local files. • https://access.redhat.com/errata/RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0481 https://bugzilla.redhat.com/show_bug.cgi?id=1534343 https://access.redhat.com/security/cve/CVE-2018-1048 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.6EPSS: 0%CPEs: 31EXPL: 0CVE-2018-1047 – undertow: Path traversal in ServletResourceManager class
https://notcve.org/view.php?id=CVE-2018-1047
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. Se ha encontrado un fallo en Wildfly 9.x. Una vulnerabilidad de salto de directorio a través del método org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource podría llevar a la revelación de información de archivos locales arbitrarios. A path traversal vulnerability was discovered in Undertow's org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. • https://access.redhat.com/errata/RHSA-2018:1247 https://access.redhat.com/errata/RHSA-2018:1248 https://access.redhat.com/errata/RHSA-2018:1249 https://access.redhat.com/errata/RHSA-2018:1251 https://access.redhat.com/errata/RHSA-2018:2938 https://bugzilla.redhat.com/show_bug.cgi?id=1528361 https://issues.jboss.org/browse/WFLY-9620 https://access.redhat.com/security/cve/CVE-2018-1047 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-12165 – undertow: improper whitespace parsing leading to potential HTTP request smuggling
https://notcve.org/view.php?id=CVE-2017-12165
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. Se ha descubierto que Undertow en versiones anteriores a la 1.4.17, 1.3.31 y 2.0.0 procesa cabeceras de petición HTTP con espacios en blanco inusuales que pueden provocar HTTP Request Smuggling. It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling. • https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0004 https://access.redhat.com/errata/RHSA-2018:0005 https://access.redhat.com/errata/RHSA-2018:1322 https://bugzilla.redhat.com/show_bug. • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-12167 – EAP-7: Wrong privileges on multiple property files
https://notcve.org/view.php?id=CVE-2017-12167
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. Se ha detectado en EAP 7 en versiones anteriores a la 7.0.9 que los archivos basados en propiedades de la administración y la configuración del dominio de la aplicación que contienen mapeo de usuario a rol son legibles para todos los usuarios, permitiendo el acceso a la información de usuarios y roles a todos los usuarios conectados al sistema. It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. • http://www.securityfocus.com/bid/100903 https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0004 https://access.redhat.com/errata/RHSA-2018:0005 https://bugzilla.redhat.com/show_bug.cgi?id=C • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 2%CPEs: 58EXPL: 0CVE-2017-15095 – jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
https://notcve.org/view.php?id=CVE-2017-15095
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. Se ha descubierto un error de deserialización en jackson-databind, en versiones anteriores a la 2.8.10 y a la 2.9.1, que podría permitir que un usuario no autenticado ejecute código enviando las entradas maliciosamente manipuladas al método readValue de ObjectMapper. Este problema amplía el error previo de CVE-2017-7525 metiendo en la lista negra más clases que podrían emplearse de forma maliciosa. A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103880 http://www.securitytracker.com/id/1039769 https://access.redhat.com/errata/RHSA-2017:3189 https://access.redhat.com/errata/RHSA-2017:3190 https://access.redhat.com/errata/RHSA-2018:0342 https://access.redhat.com/errata/RHSA-2018: • CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •