Design/Logic Flaw

2022-08-2616:15:00

PRIOn knowledge base

www.prio-n.com

red hat jboss

core services

http server

flaw

unauthorized access

data confidentiality

integrity

nvd

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.0%

JSON

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

CPENameOperatorVersion
jboss_core_services_httpdeq2.4.37 sp3
jboss_core_services_httpdeq2.4.37
jboss_core_services_httpdeq2.4.37 sp1
jboss_core_services_httpdeq2.4.37 sp2
jboss_core_services_httpdeq2.4.37 sp4
jboss_core_services_httpdeq2.4.37 sp5
jboss_core_services_httpdeq2.4.37 sp6
jboss_core_services_httpdeq2.4.37 sp7
jboss_core_services_httpdeq2.4.37 sp8
jboss_core_services_httpdeq2.4.37 sp9

Name	Operator	Version
jboss_core_services_httpd	eq	2.4.37 sp3
jboss_core_services_httpd	eq	2.4.37
jboss_core_services_httpd	eq	2.4.37 sp1
jboss_core_services_httpd	eq	2.4.37 sp2
jboss_core_services_httpd	eq	2.4.37 sp4
jboss_core_services_httpd	eq	2.4.37 sp5
jboss_core_services_httpd	eq	2.4.37 sp6
jboss_core_services_httpd	eq	2.4.37 sp7
jboss_core_services_httpd	eq	2.4.37 sp8
jboss_core_services_httpd	eq	2.4.37 sp9