PT-2019-11609 · Red Hat · Undertow

Gaol

Published

2019-07-25

Updated

2025-03-07

CVE-2019-10184

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: undertow versions prior to 2.0.23.Final

Description: The issue allows web apps to have their directory structures predicted through requests without trailing slashes via the API. This is an information leak issue.

Recommendations: For versions prior to 2.0.23.Final, update to version 2.0.23.Final or later to resolve the issue. As a temporary workaround, consider restricting access to the API to minimize the risk of exploitation. Avoid making requests without trailing slashes to affected web apps until the issue is resolved.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2019-10184

GHSA-W69W-JVC7-WJGV

OESA-2025-1257

RHSA-2019:2935

RHSA-2019:2936

RHSA-2019:2937

RHSA-2019:3044

RHSA-2019:3045

RHSA-2019:3046

Affected Products

Undertow

PT-2019-11609 · Red Hat · Undertow

CVE-2019-10184

Weakness Enumeration

Related Identifiers

Affected Products

References · 29