4.8

CVE-2021-3688

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Data is provided by the National Vulnerability Database (NVD)
RedhatJboss Core Services Httpd Version < 2.4.37
RedhatJboss Core Services Httpd Version2.4.37 Update-
RedhatJboss Core Services Httpd Version2.4.37 Updatesp1
RedhatJboss Core Services Httpd Version2.4.37 Updatesp2
RedhatJboss Core Services Httpd Version2.4.37 Updatesp3
RedhatJboss Core Services Httpd Version2.4.37 Updatesp4
RedhatJboss Core Services Httpd Version2.4.37 Updatesp5
RedhatJboss Core Services Httpd Version2.4.37 Updatesp6
RedhatJboss Core Services Httpd Version2.4.37 Updatesp7
RedhatJboss Core Services Httpd Version2.4.37 Updatesp8
RedhatJboss Core Services Httpd Version2.4.37 Updatesp9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.27% 0.503
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.8 2.2 2.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.