ALT-PU-2016-3279-1

Package update undertow in branch sisyphus

Version1.4.0-alt1_1jpp8

Published2016-12-19

Max severityHIGH

Severity:

Closed issues (4)

MEDIUM5.0

Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.

Published: 2014-12-01Modified: 2025-04-12

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

References

HIGH7.5

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.

Published: 2018-07-27Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

GHSA-3x7h-5hfr-hvjm

HIGH7.5

Moderate severity vulnerability that affects io.undertow:undertow-core

Published: 2018-10-19Modified: 2021-09-01

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

GHSA-h6p6-fc4w-cqhx

NONE

Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow

Published: 2022-05-17Modified: 2022-07-07

References