Impact: Low Public Date: 2019-07-24 CWE: CWE-200 Bugzilla: 1713068: CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2019-10184 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 5.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | None |
| Availability Impact | None |
| Platform | Package | State |
|---|---|---|
| Red Hat Single Sign-On 7 | undertow | Affected |
| Red Hat OpenShift Application Runtimes 1.0 | swarm | Affected |
| Red Hat JBoss Fuse 7 | undertow | Under investigation |
| Red Hat JBoss Fuse 6 | undertow | Under investigation |
| Red Hat JBoss EAP 7 | undertow | Affected |
| Red Hat JBoss EAP 6 | jbossweb | Under investigation |
| Red Hat JBoss Data Grid 7 | undertow | Under investigation |
Vulmon