GHSA-4vwv-x3gp-2j4g

Source

https://github.com/advisories/GHSA-4vwv-x3gp-2j4g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4vwv-x3gp-2j4g/GHSA-4vwv-x3gp-2j4g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4vwv-x3gp-2j4g

Aliases

CVE-2015-3198

Published

2022-05-17T02:19:49Z

Modified

2024-02-16T08:25:10.053097Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

The Undertow module of WildFly allows source code disclosure

Details

The Undertow module of WildFly versions 8.1.0.Final, 8.2.0.Final, 9.0.0.CR1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.

Database specific

{
    "github_reviewed": true,
    "severity": "HIGH",
    "github_reviewed_at": "2023-08-03T21:24:41Z",
    "nvd_published_at": "2017-07-21T14:29:00Z",
    "cwe_ids": [
        "CWE-200"
    ]
}

References

Affected packages

Maven / org.wildfly:wildfly-parent

Package

Name: org.wildfly:wildfly-parent; View open source insights on deps.dev
Purl: pkg:maven/org.wildfly/wildfly-parent

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.1.0.Final

Fixed

9.0.0.CR2

Affected versions

8.*

8.1.0.Final

8.2.0.Final

8.2.1.Final

9.*

9.0.0.Alpha1

9.0.0.Beta1

9.0.0.Beta2

9.0.0.CR1

Database specific

last_known_affected_version_range

"<= 9.0.0.CR1"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4vwv-x3gp-2j4g/GHSA-4vwv-x3gp-2j4g.json"