Stuart Douglas

14 exploits Active since Dec 2014
CVE-2018-1114 NOMISEC MEDIUM STUB
Undertow < 1.4.25.Final - File Descriptor Leak via URLResource.getLastModified()
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
CVSS 6.5
CVE-2014-7816 NOMISEC STUB
WildFly Directory Traversal
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
CVE-2017-7559 NOMISEC MEDIUM STUB
Undertow <2.0.0.Alpha2,<1.4.17.Final,<1.3.31.Final - SSRF
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
CVSS 6.1
CVE-2017-2666 NOMISEC MEDIUM STUB
Undertow < 1.3.31 - HTTP Request Smuggling via Invalid Request Line Characters
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
CVSS 6.5
CVE-2017-12165 NOMISEC LOW STUB
Undertow <1.4.17, <1.3.31, <2.0.0 - HTTP Request Smuggling
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
CVSS 2.6
CVE-2016-9589 NOMISEC HIGH STUB
Red Hat JBoss WildFly Application Server < 10.1.0 - Denial of Service via HTTP Header Cache Exhaustion
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.
CVSS 7.5
CVE-2018-1114 NOMISEC MEDIUM WRITEUP
Undertow < 1.4.25.Final - File Descriptor Leak via URLResource.getLastModified()
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
CVSS 6.5
CVE-2018-1047 NOMISEC MEDIUM WORKING POC
JBoss WildFly Application Server 9.x - Path Traversal via ServletResourceManager
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
CVSS 5.5
CVE-2017-7559 NOMISEC MEDIUM STUB
Undertow <2.0.0.Alpha2,<1.4.17.Final,<1.3.31.Final - SSRF
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
CVSS 6.1
CVE-2017-2666 NOMISEC MEDIUM STUB
Undertow < 1.3.31 - HTTP Request Smuggling via Invalid Request Line Characters
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
CVSS 6.5
CVE-2017-12165 NOMISEC LOW STUB
Undertow <1.4.17, <1.3.31, <2.0.0 - HTTP Request Smuggling
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
CVSS 2.6
CVE-2016-9589 NOMISEC HIGH STUB
Red Hat JBoss WildFly Application Server < 10.1.0 - Denial of Service via HTTP Header Cache Exhaustion
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.
CVSS 7.5
CVE-2014-7816 NOMISEC STUB
WildFly Directory Traversal
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
CVE-2014-7816 NOMISEC STUB
WildFly Directory Traversal
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.