Message-ID: <802517388.4086538.1417050942849.JavaMail.zimbra@redhat.com>
Date: Wed, 26 Nov 2014 20:15:42 -0500 (EST)
From: Arun Babu Neelicattu <abn@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-7816 Undertow (on Windows): Information disclosure via
 directory traversal

CVE-2014-7816 was assigned to a vulnerability in JBoss Undertow [1]. This flaw was reported by Roberto Soares of Conviso Application Security.

Issue Description:

It was discovered that Undertow, when running on Microsoft Windows, is vulnerable to a directory traversal flaw. A remote attacker could use this flaw to read arbitrary files that are accessible to the user running the Java process.

Fixed Version(s):

undertow 1.0.17.Final, undertow 1.2.0.Beta3, undertow 1.1.0.CR5

Victims Record:

https://github.com/victims/victims-cve-db/blob/master/database/java/2014/7816.yaml

References:

https://issues.jboss.org/browse/UNDERTOW-338
https://issues.jboss.org/browse/WFLY-4020
https://bugzilla.redhat.com/CVE-2014-7816
https://access.redhat.com/security/cve/CVE-2014-7816

-- 
Arun Neelicattu / Red Hat Product Security
PGP: 0xC244393B 5229 F596 474F 00A1 E416  CF8B 36F5 5054 C244 393B
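
A version check built from the "Fixed Version(s)" list above, as an added example that is not part of the original advisory or of any Red Hat tooling. It assumes JBoss-style version strings with the qualifier ordering Alpha < Beta < CR < Final; the inventory, host names and status labels are constructed for illustration.

```python
import re

# Fixed releases per branch, as listed in the advisory.
FIXED = {(1, 0): "1.0.17.Final", (1, 1): "1.1.0.CR5", (1, 2): "1.2.0.Beta3"}

# Assumption: JBoss-style qualifier ordering, Alpha < Beta < CR < Final.
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "cr": 2, "final": 3}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(Alpha|Beta|CR|Final)(\d*)$", re.I)


def parse(version):
    """Turn '1.1.0.CR5' into a sortable tuple (1, 1, 0, 2, 5)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Undertow version: {version!r}")
    major, minor, micro, qualifier, number = m.groups()
    return (int(major), int(minor), int(micro),
            QUALIFIER_RANK[qualifier.lower()], int(number or 0))


def status(version, on_windows):
    """Classify one deployment against CVE-2014-7816."""
    key = parse(version)
    fixed = FIXED.get(key[:2])
    if fixed is None:
        return "unknown"          # branch not covered by the advisory
    if key >= parse(fixed):
        return "fixed"
    # The advisory describes the flaw for Undertow running on Windows.
    return "vulnerable" if on_windows else "unfixed-not-windows"


def triage(inventory):
    """Return hosts that need the upgrade first (unfixed build on Windows)."""
    return [host for host, os_name, version in inventory
            if status(version, os_name.lower().startswith("windows")) == "vulnerable"]


# Constructed sample inventory: (host, operating system, Undertow version).
SAMPLE = [
    ("app01", "Windows Server 2012", "1.0.16.Final"),
    ("app02", "Windows Server 2012", "1.1.0.CR5"),
    ("app03", "Linux", "1.1.0.Beta1"),
    ("app04", "Windows Server 2008", "1.2.0.Beta2"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Branches not named in the advisory are reported as "unknown" rather than guessed at.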
