CVSS: 8.6EPSS: 0%CPEs: 31EXPL: 0CVE-2018-1047 – undertow: Path traversal in ServletResourceManager class
https://notcve.org/view.php?id=CVE-2018-1047
24 Jan 2018 — A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. Se ha encontrado un fallo en Wildfly 9.x. Una vulnerabilidad de salto de directorio a través del método org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource podría llevar a la revelación de información de archivos locales arbitrarios. A path traversal vulnerability... • https://access.redhat.com/errata/RHSA-2018:1247 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-3198
https://notcve.org/view.php?id=CVE-2015-3198
21 Jul 2017 — The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL. El módulo Undertow de WildFly versión 9.x anterior a 9.0.0.CR2 y versión 10.x anterior a 10.0.0.Alpha1, permite a los atacantes remotos obtener el código fuente de una página JSP por medio de una "/" al final de una URL. • https://bugzilla.redhat.com/show_bug.cgi?id=1224787 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2016-9589 – wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage
https://notcve.org/view.php?id=CVE-2016-9589
23 Mar 2017 — Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection. Undertow en Red Hat wildfly, en versiones anteriores a la 11.0.0.Beta1, es vulnerable a un agotamiento de recursos, lo cual resulta en una... • http://rhn.redhat.com/errata/RHSA-2017-0830.html • CWE-400: Uncontrolled Resource Consumption •