undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2019:2935 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:2936 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:2937 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:2938 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:2998 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:3044 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:3045 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:3046 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:3050 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2020:0727 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184 | Issue Tracking Vendor Advisory |
https://github.com/undertow-io/undertow/pull/794 | Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220210-0016/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2019-07-25T20:35:16
Updated: 2022-02-10T09:06:40
Reserved: 2019-03-27T00:00:00
Link: CVE-2019-10184
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-07-25T21:15:11.473
Modified: 2022-02-20T06:11:42.433
Link: CVE-2019-10184
JSON object: View
Redhat Information
No data.
CWE