undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2019:2935 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:2936 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:2937 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:2938 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:2998 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:3044 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:3045 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:3046 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:3050 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2020:0727 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184 | Issue Tracking Vendor Advisory |
https://github.com/undertow-io/undertow/pull/794 | Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220210-0016/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
|
History
20 Feb 2022, 06:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:* cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:* |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220210-0016/ - Third Party Advisory |
10 Feb 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-07-25 21:15
Updated : 2024-02-04 20:20
NVD link : CVE-2019-10184
Mitre link : CVE-2019-10184
CVE.ORG link : CVE-2019-10184
JSON object : View
Products Affected
redhat
- openshift_application_runtimes
- single_sign-on
- enterprise_linux
- jboss_enterprise_application_platform
- jboss_data_grid
- undertow
netapp
- active_iq_unified_manager
CWE
CWE-862
Missing Authorization