oss-sec mailing list archives

CVE-2014-7816 Undertow (on Windows): Information disclosure via directory traversal


From: Arun Babu Neelicattu <abn () redhat com>
Date: Wed, 26 Nov 2014 20:15:42 -0500 (EST)

CVE-2014-7816 was assigned to a vulnerability in JBoss Undertow [1]. This flaw was reported by Roberto Soares of 
Conviso Application Security.

Issue Description:

It was discovered that Undertow, when running on Microsoft Windows, is vulnerable to a directory traversal flaw. A 
remote attacker could use this flaw to read arbitrary files that are accessible to the user running the Java process.
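The class of flaw described above is worth illustrating with a defensive check. The following is an added example written for this post, not code from Undertow or from the advisory, and it makes no claim about Undertow's actual internals: it shows a generic request-path normaliser that treats both `/` and `\` as separators when the host is Windows (the Windows file APIs accept either), so that a `..` segment written with backslashes is recognised as a climb out of the document root instead of being passed through as a harmless odd-looking filename, which is what a POSIX-only normaliser would do. Root and request values are constructed for the example.

```python
from pathlib import PurePosixPath, PureWindowsPath
from typing import List, Optional
from urllib.parse import unquote


def split_request_path(requested: str, windows: bool) -> List[str]:
    """Split a request path into segments using the host's separator rules.

    On Windows both '/' and '\\' separate components, so a backslash-based
    traversal must be split as well; on POSIX a backslash is an ordinary
    filename character and is left alone.
    """
    raw = requested.replace("\\", "/") if windows else requested
    return raw.split("/")


def safe_relative_path(requested: str, windows: bool = True) -> Optional[str]:
    """Return a normalised path relative to the document root, or None if the
    request tries to escape it.

    The request is percent-decoded exactly once here; the check assumes the
    caller has not already decoded it (an assumption of this example).
    """
    stack: List[str] = []
    for seg in split_request_path(unquote(requested), windows):
        if seg in ("", "."):
            continue                      # empty or current-dir segment: no effect
        if seg == "..":
            if not stack:
                return None               # attempt to climb above the root
            stack.pop()
            continue
        if windows and ":" in seg:
            return None                   # drive letter or NTFS stream syntax, never legitimate
        stack.append(seg)
    return "/".join(stack)


def resolve_under_root(root: str, requested: str, windows: bool = True) -> Optional[str]:
    """Join the normalised request onto the document root and confirm the
    result is still at or below the root. Returns the final path or None."""
    rel = safe_relative_path(requested, windows)
    if rel is None:
        return None
    root_path = PureWindowsPath(root) if windows else PurePosixPath(root)
    target = root_path.joinpath(rel)
    # Belt and braces: the segment walk above should already guarantee this,
    # but the containment check catches any separator rule we missed.
    if target != root_path and root_path not in target.parents:
        return None
    return str(target)


if __name__ == "__main__":
    # Constructed sample requests against a constructed document root.
    root = "C:\\srv\\www"
    for req in ["/static/css/site.css",
                "/static/..\\..\\secret.txt",
                "/static/%2e%2e/%2e%2e/win.ini",
                "C:\\Windows\\win.ini"]:
        print(f"{req!r:40} -> {resolve_under_root(root, req)}")
```

The contrast that matters is between the two host modes: the same backslash request that `safe_relative_path` rejects with `windows=True` is returned unchanged with `windows=False`, because on POSIX it names a single file called `..\..\secret.txt` inside `static/`. A server that normalises with POSIX rules but serves files on Windows therefore passes a climbing path straight to the filesystem, which is the shape of flaw this advisory describes.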

Fixed Version(s):

undertow 1.0.17.Final, undertow 1.2.0.Beta3, undertow 1.1.0.CR5

Victims Record:

https://github.com/victims/victims-cve-db/blob/master/database/java/2014/7816.yaml

References:

https://issues.jboss.org/browse/UNDERTOW-338
https://issues.jboss.org/browse/WFLY-4020
https://bugzilla.redhat.com/CVE-2014-7816
https://access.redhat.com/security/cve/CVE-2014-7816

-- 
Arun Neelicattu / Red Hat Product Security
PGP: 0xC244393B 5229 F596 474F 00A1 E416  CF8B 36F5 5054 C244 393B
