PT-2022-10589 · Red Hat · Red Hat Jboss Core Services Http Server

Ted Jongseok Won · Published 2022-08-26 · Updated 2023-02-12 · CVE-2021-3688

CVSS v3.1: 4.8 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat JBoss Core Services HTTP Server (affected versions not specified)

Description

A flaw was found in Red Hat JBoss Core Services HTTP Server where it does not properly normalize the path component of a request URL containing dot-dot-semicolon(s). This could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this issue is to data confidentiality and integrity.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Information Disclosure

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-3688
RHSA-2021:4614

Affected Products

Red Hat Jboss Core Services Http Server