CVE-2019-10184

HIGH

undertow <2.0.23.Final - Info Disclosure


Description

Undertow before version 2.0.23.Final is vulnerable to an information leak. A web application's directory structure can be inferred from how the API handles requests for paths without a trailing slash.

References (13)

Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:2937
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:2935
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:2936
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:2938
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:2998
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:3044
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:3045
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:3050
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:3046
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2020:0727
Issue Tracking, Vendor Advisory (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184
Patch, Third Party Advisory (x_refsource_confirm): https://github.com/undertow-io/undertow/pull/794
Third Party Advisory (x_refsource_confirm): https://security.netapp.com/advisory/ntap-20220210-0016/

Scores

CVSS v3 7.5
EPSS 0.0148
EPSS Percentile 81.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-862
Status published
Products (14)
io.undertow/undertow-servlet 0 - 2.0.23 (Maven)
netapp/active_iq_unified_manager (3 CPE variants)
redhat/jboss_data_grid
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform 7.0.0
redhat/jboss_enterprise_application_platform 7.2
redhat/jboss_enterprise_application_platform 7.3
redhat/jboss_enterprise_application_platform 7.4
redhat/openshift_application_runtimes
redhat/openshift_application_runtimes 1.0
... and 4 more
Published Jul 25, 2019
Tracked Since Feb 18, 2026