CVE-2018-1047

Impact: Moderate
Public Date: 2017-12-17
CWE: CWE-20->CWE-22
Bugzilla: 1528361: CVE-2018-1047 undertow: Path traversal in ServletResourceManager class

A path traversal vulnerability was discovered in Undertow's org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files.

Find out more about CVE-2018-1047 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 8.6
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity Impact: None
Availability Impact: None

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server | RHSA-2018:1248 | 2018-04-25
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server (eap7-jboss-ec2-eap) | RHSA-2018:1249 | 2018-04-25
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server | RHSA-2018:1247 | 2018-04-25
Red Hat JBoss EAP 7.1 | RHSA-2018:1251 | 2018-04-25
Red Hat OpenShift Application Runtimes 1.0 | RHSA-2018:2938 | 2018-10-17
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server (eap7-jboss-ec2-eap) | RHSA-2018:1249 | 2018-04-25

Affected Packages State

Platform | Package | State
Red Hat Single Sign-On 7 | wildfly-undertow | Not affected
Red Hat Single Sign-On 7 | wildfly | Not affected
Red Hat JBoss Fuse 7 | undertow | Will not fix
Red Hat JBoss Fuse 6 | undertow | Will not fix
Red Hat JBoss Data Grid 7 | wildfly-undertow | Not affected