Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2018-1048
HistoryJan 24, 2018 - 11:29 p.m.

CVE-2018-1048

2018-01-2423:29:00
Debian Security Bug Tracker
security-tracker.debian.org
7

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.9%

JSON

It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.

OSVersionArchitecturePackageVersionFilename
Debian999allundertow< 1.4.22-1undertow_1.4.22-1_all.deb
Debian13allundertow< 1.4.22-1undertow_1.4.22-1_all.deb

Related

veracode 1
prion 1
osv 1
redhatcve 1
ubuntucve 1
cve 1
github 1
redhat 4
nessus 3
veracode
veracode
Directory Traversal
2019-05-16 02:42:32
prion
prion
Path traversal
2018-01-24 23:29:00
osv
osv
Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow
2022-05-13 01:12:24
redhatcve
redhatcve
CVE-2018-1048
2018-01-24 20:21:16
ubuntucve
ubuntucve
CVE-2018-1048
2018-01-24 00:00:00
cve
cve
CVE-2018-1048
2018-01-24 23:29:00
github
github
Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow
2022-05-13 01:12:24
redhat
redhat
(RHSA-2018:0479) Important: JBoss Enterprise Application Platform 7.1.1 on RHEL 6
2018-03-12 16:34:40
(RHSA-2018:0480) Important: JBoss Enterprise Application Platform 7.1.1 for RHEL 7
2018-03-12 16:34:43
(RHSA-2018:0481) Important: jboss-ec2-eap package for EAP 7.1.1
2018-03-12 17:12:54
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2018:0479)
2018-03-14 00:00:00
RHEL 6 / 7 : JBoss EAP (RHSA-2018:0481)
2018-03-14 00:00:00
RHEL 7 : JBoss EAP (RHSA-2018:0480)
2018-03-14 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.9%

JSON
Related for DEBIANCVE:CVE-2018-1048
veracode1prion1osv1redhatcve1ubuntucve1cve1github1redhat4nessus3