Bug#891929: CVE-2018-1047: information disclosure of arbitrary local files

Markus Koschany apo at debian.org
Fri Mar 2 17:48:28 UTC 2018


Source: undertow
Version: 1.4.8-1+deb9u1
Severity: grave
Tags: security
Forwarded: https://issues.jboss.org/browse/WFLY-9620

A flaw was found in Wildfly 9.x. A path traversal vulnerability
through the
org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource
method could lead to information disclosure of arbitrary local files.

Upstream bug:

https://issues.jboss.org/browse/WFLY-9620



More information about the pkg-java-maintainers mailing list