← volver
CVE-2019-10184

CVE-2019-10184

CVSS 5.3 MEDIUMEPSS 3.5%CWE-862
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
undertow-io · undertow

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2019:2935https://access.redhat.com/errata/RHSA-2019:2936https://access.redhat.com/errata/RHSA-2019:2937https://access.redhat.com/errata/RHSA-2019:2938https://access.redhat.com/errata/RHSA-2019:2998https://access.redhat.com/errata/RHSA-2019:3044https://access.redhat.com/errata/RHSA-2019:3045https://access.redhat.com/errata/RHSA-2019:3046https://access.redhat.com/errata/RHSA-2019:3050https://access.redhat.com/errata/RHSA-2020:0727https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184https://github.com/undertow-io/undertow/pull/794