Path Traversal: '../filedir'

CVE-2024-1459

Severity Medium
Score 5.3/10

Summary

A Path Traversal vulnerability was found in Undertow versions prior to 2.2.31.Final and 2.3.x prior to 2.3.12.Final. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-24 - Path Traversal: '../filedir'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
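The check that CWE-24 calls for is to canonicalize the constructed pathname and then verify it still lies under the restricted directory. The Java class below is an added illustration written for this page; it is not Undertow's or JBoss EAP's code. It assumes a constructed base directory of `/srv/app/static`, a hypothetical `resolveWithinBase` method, and that the request path has already been URL-decoded by the container (so `%2e%2e` has become `..` before the check runs).

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

public final class SafeStaticResolver {
    // Restricted directory every served file must stay inside (constructed example path).
    private static final Path BASE = Paths.get("/srv/app/static").toAbsolutePath().normalize();

    /**
     * Maps an already URL-decoded request path to a file under base.
     * Returns empty when the normalized result escapes the base directory,
     * which is exactly the "../" resolution CWE-24 describes.
     */
    static Optional<Path> resolveWithinBase(Path base, String requestPath) {
        if (requestPath == null || requestPath.isEmpty()) {
            return Optional.empty();
        }
        // Strip the leading slash so resolve() treats the input as relative to base;
        // an absolute Path handed to resolve() would replace base entirely.
        String relative = requestPath.startsWith("/") ? requestPath.substring(1) : requestPath;
        // Reject embedded NUL bytes, which some lower-level file APIs truncate on.
        if (relative.indexOf('\0') >= 0) {
            return Optional.empty();
        }
        // normalize() collapses "." and ".." components lexically before the containment test.
        Path candidate = base.resolve(relative).normalize();
        // Path.startsWith compares whole components, so "/srv/app/static-old" is not under base.
        if (!candidate.startsWith(base)) {
            return Optional.empty();
        }
        return Optional.of(candidate);
    }

    public static void main(String[] args) {
        // Constructed sample request paths: the first two are legitimate, the rest try to escape.
        String[] samples = {
            "/css/site.css",
            "/img/../img/logo.png",
            "/../../etc/passwd",
            "/css/../../../etc/passwd",
            "//etc/passwd"
        };
        for (String s : samples) {
            System.out.printf("%-28s -> %s%n", s,
                resolveWithinBase(BASE, s).map(Path::toString).orElse("REJECTED"));
        }
    }
}
```

Two points a reviewer would raise on this check: the containment test is done on the `Path` object with `startsWith`, not on strings, so a sibling directory sharing the base name as a prefix does not pass; and because `normalize()` is purely lexical, a deployment whose base directory contains symbolic links should call `toRealPath()` on both sides before comparing, otherwise a link inside the base can still point outside it.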

Advisory Timeline

  • Published