Description

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

Remediation

References

CVE-2019-10184

Related Vulnerabilities

Drupal Core 8.8.x Security Bypass (8.8.0 - 8.8.9)

Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2018-16890)

Jenkins CVE-2018-1000408 Vulnerability (CVE-2018-1000408)

MySQL CVE-2016-0616 Vulnerability (CVE-2016-0616)

Atlassian Jira CVE-2021-26075 Vulnerability (CVE-2021-26075)

Severity

High

Classification

CVE-2019-10184 CWE-862 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities