TROYANOSYVIRUS
Retour aux CVEs

CVE-2024-1459

MEDIUM
5.3

Description

A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.

Details CVE

Score CVSS v3.15.3
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie2/12/2024
Derniere modification10/24/2025
Sourcenvd
Observations honeypot0

Produits affectes

redhat:undertow

Faiblesses (CWE)

CWE-24

References

https://access.redhat.com/errata/RHSA-2024:1674(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:1675(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:1676(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:2763(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:2764(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2024-1459(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2259475(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:1677(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:2763(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:2764(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2024-1459(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2259475(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20241122-0008/(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.