CVE-2016-0793

Name of the Vulnerable Software and Affected Versions WildFly versions prior to 10.0.0.Final

Description The issue is related to an incomplete blacklist vulnerability in the servlet filter restriction mechanism. This allows remote attackers to read sensitive files in the WEB-INF or META-INF directory via a request containing lowercase or "meaningless" characters.

Recommendations For versions prior to 10.0.0.Final, update to version 10.0.0.Final or later to resolve the issue. As a temporary workaround, consider restricting access to the WEB-INF and META-INF directories to minimize the risk of exploitation.