PT-2017-6644 · Red Hat · Wildfly

Abhinav Gupta

Published

2017-07-21

Updated

2022-05-17

CVE-2015-3198

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions WildFly versions 8.1.0.Final through 8.2.0.Final WildFly versions 9.0.0.CR1

Description The issue allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.

Recommendations For WildFly version 8.1.0.Final, update to a version after 8.1.0.Final. For WildFly version 8.2.0.Final, update to a version after 8.2.0.Final. For WildFly version 9.0.0.CR1, update to a version after 9.0.0.CR1, such as 9.0.0.CR2.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-3198

GHSA-4VWV-X3GP-2J4G

Affected Products

Wildfly

PT-2017-6644 · Red Hat · Wildfly

CVE-2015-3198

Weakness Enumeration

Related Identifiers

Affected Products

References · 7