Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
No PoCs from references.
- https://github.com/ilmila/J2EEScan
- https://github.com/ronoski/j2ee-rscan
- https://github.com/shoucheng3/undertow-io__undertow_CVE-2014-7816_1-0-16-Final