5.5
CVE-2018-1047
- EPSS 0.25%
- Published 24.01.2018 23:29:00
- Last modified 21.11.2024 03:59:03
- Source secalert@redhat.com
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
Data provided by the National Vulnerability Database (NVD)
Redhat ≫ Jboss Wildfly Application Server Version 9.0.0
Redhat ≫ Jboss Wildfly Application Server Version 9.0.0 Update alpha1
Redhat ≫ Jboss Wildfly Application Server Version 9.0.0 Update beta1
Redhat ≫ Jboss Wildfly Application Server Version 9.0.0 Update beta2
Redhat ≫ Jboss Wildfly Application Server Version 9.0.0 Update cr1
Redhat ≫ Jboss Wildfly Application Server Version 9.0.0 Update cr2
Redhat ≫ Jboss Wildfly Application Server Version 9.0.1
Redhat ≫ Jboss Wildfly Application Server Version 9.0.2
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0 Update alpha1
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0 Update alpha2
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0 Update alpha3
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0 Update alpha4
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0 Update alpha5
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0 Update alpha6
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0 Update beta1
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0 Update beta2
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0 Update cr1
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0 Update cr2
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0 Update cr3
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0 Update cr4
Redhat ≫ Jboss Wildfly Application Server Version 10.0.0 Update cr5
Redhat ≫ Jboss Wildfly Application Server Version 10.1.0
Redhat ≫ Jboss Wildfly Application Server Version 10.1.0 Update cr1
Redhat ≫ Jboss Wildfly Application Server Version 11.0.0
Redhat ≫ Jboss Wildfly Application Server Version 11.0.0 Update alpha1
Redhat ≫ Jboss Wildfly Application Server Version 11.0.0 Update beta1
Redhat ≫ Jboss Wildfly Application Server Version 11.0.0 Update cr1
Redhat ≫ Jboss Enterprise Application Platform Version 7.1.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.25% | 0.476 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 2.1 | 3.9 | 2.9 | AV:L/AC:L/Au:N/C:P/I:N/A:N |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.