Bug#891929: CVE-2018-1047: information disclosure of arbitrary local files
Markus Koschany
apo at debian.org
Fri Mar 2 17:48:28 UTC 2018
Source: undertow
Version: 1.4.8-1+deb9u1
Severity: grave
Tags: security
Forwarded: https://issues.jboss.org/browse/WFLY-9620
A flaw was found in Wildfly 9.x. A path traversal vulnerability
through the
org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource
method could lead to information disclosure of arbitrary local files.
Upstream bug:
https://issues.jboss.org/browse/WFLY-9620
More information about the pkg-java-maintainers
mailing list