{"containers":{"cna":{"affected":[{"product":"undertow as shipped in Jboss EAP 7.1.0.GA","vendor":"Red Hat, Inc.","versions":[{"status":"affected","version":"7.1.0.GA"}]}],"datePublic":"2018-01-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows the slash / anti-slash characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbitrary local files."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-12-04T18:00:57.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2018:0479","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:0479"},{"name":"RHSA-2018:0481","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:0481"},{"name":"RHSA-2018:0480","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:0480"},{"name":"RHSA-2018:0478","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:0478"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1534343"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T03:44:11.828Z"},"title":"CVE Program Container","references":[{"name":"RHSA-2018:0479","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:0479"},{"name":"RHSA-2018:0481","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:0481"},{"name":"RHSA-2018:0480","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:0480"},{"name":"RHSA-2018:0478","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:0478"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1534343"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2018-1048","dateReserved":"2017-12-04T00:00:00.000Z","dateUpdated":"2024-08-05T03:44:11.828Z","state":"PUBLISHED","datePublished":"2018-01-24T23:00:00.000Z"},"dataType":"CVE_RECORD","dataVersion":"5.1"}