Bug#891929: CVE-2018-1047: information disclosure of arbitrary local files
Control: severity -1 important

I am no longer sure undertow is affected. The issue is marked resolved upstream and one of the fixing commits https://github.com/wildfly/wildfly/pull/10748/files indicates the bug was in WildFly's undertow extension but not in Undertow itself. I keep this bug report open for a little while longer until UNDERTOW-1295 is resolved and we get more information about the vulnerabilities.
Bug#891929: CVE-2018-1047: information disclosure of arbitrary local files
Source: undertow
Version: 1.4.8-1+deb9u1
Severity: grave
Tags: security
Forwarded: https://issues.jboss.org/browse/WFLY-9620

A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.

Upstream bug: https://issues.jboss.org/browse/WFLY-9620