CVE-2018-1047

MEDIUM

JBoss WildFly Application Server 9.x - Path Traversal via ServletResourceManager


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-1047, a PoC published by shoucheng3.

AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2018-1047, a vulnerability in WildFly Application Server. The exploit targets a deserialization flaw in the appclient module, allowing remote code execution.

Description

A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.

Exploits (1)

nomisec · WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/wildfly__wildfly_CVE-2018-1047_11-0-0-Final


Classification: Working PoC (90%)
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: WildFly Application Server 11.0.0.Final
Authentication: No auth needed
Prerequisites: Network access to the target WildFly server · Vulnerable version of WildFly (11.0.0.Final)
Analyzed by devstral-2 on Feb 16, 2026

References (7)

Core References (7)
- Third Party Advisory, vendor-advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2018:1248
- Third Party Advisory, vendor-advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2018:1251
- Third Party Advisory, vendor-advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2018:2938
- Issue Tracking, Vendor Advisory (x_refsource_confirm): https://issues.jboss.org/browse/WFLY-9620
- Third Party Advisory, vendor-advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2018:1247
- Issue Tracking, Third Party Advisory (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=1528361
- Third Party Advisory, vendor-advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2018:1249

Scores

CVSS v3: 5.5
EPSS: 0.0018
EPSS Percentile: 39.1%
Attack Vector: LOCAL
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-22, CWE-20
Status: published
Products (8)
org.wildfly/wildfly-undertow 0 - 12.0.0 (Maven)
redhat/jboss_enterprise_application_platform 7.1.0
redhat/jboss_wildfly_application_server 9.0.0 (6 CPE variants)
redhat/jboss_wildfly_application_server 9.0.1
redhat/jboss_wildfly_application_server 9.0.2
redhat/jboss_wildfly_application_server 10.0.0 (14 CPE variants)
redhat/jboss_wildfly_application_server 10.1.0 (2 CPE variants)
redhat/jboss_wildfly_application_server 11.0.0 (4 CPE variants)
Published: Jan 24, 2018
Tracked Since: Feb 18, 2026