A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2024-1459 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2259475 | Issue Tracking |
Configurations
History
27 Feb 2024, 16:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:undertow:-:*:*:*:*:*:*:* | |
References | () https://access.redhat.com/security/cve/CVE-2024-1459 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2259475 - Issue Tracking | |
First Time |
Redhat undertow
Redhat |
13 Feb 2024, 14:01
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
12 Feb 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-12 21:15
Updated : 2024-02-27 16:55
NVD link : CVE-2024-1459
Mitre link : CVE-2024-1459
CVE.ORG link : CVE-2024-1459
JSON object : View
Products Affected
redhat
- undertow
CWE
CWE-24
Path Traversal: '../filedir'