5 matches found
Moderate: Red Hat Security Advisory: Red Hat build of Cryostat 2.4.0: new RHEL 8 container images
New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images are now available New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Users of the Red Hat build of Cryostat 2.3.1 on RHEL 8 container images are advised to...
Security Bulletin: Eclipse Vert.x-Web component is vulnerable to CVE-2023-24815 is used by IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Eclipse Vert.x-Web package which is vulnerable to CVE-2023-24815. Vulnerability Details CVEID:CVE-2023-24815 DESCRIPTION: Eclipse Vert.x-Web could allow a remote attacker to obtain sensitive information, caused by a flaw when mounted on a wildcard route. ...
Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 Patch 1 release security update
Red Hat Integration Camel for Spring Boot 3.20.1 Patch 1 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2023-24815
CVE-2023-24815 affects Eclipse Vert.x-Web, specifically the StaticHandler behavior when serving files on Windows with a wildcard mount point. The vulnerability arises in Utils.java when computing the relative path to a resource: for wildcards it returns the user input (e.g., rest) as the path seg...
CVE-2023-24815 Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web
Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...