CVE-2019-10184 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2019-10184

Analyzed

More Info Official Page

Source-secalert@redhat.com

Published At-25 Jul, 2019 | 21:15

Updated At-20 Feb, 2022 | 06:11

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary	3.0	5.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

>>undertow>>Versions before 2.0.23(exclusive)

cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*

>>jboss_data_grid>>-

cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*

>>jboss_enterprise_application_platform>>-

cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*

>>jboss_enterprise_application_platform>>7.0.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*

>>openshift_application_runtimes>>-

cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*

>>openshift_application_runtimes>>1.0

cpe:2.3:a:redhat:openshift_application_runtimes:1.0:*:*:*:*:*:*:*

>>single_sign-on>>-

cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*

>>single_sign-on>>7.0

cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

>>enterprise_linux>>8.0

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

>>jboss_enterprise_application_platform>>7.2

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*

>>jboss_enterprise_application_platform>>7.3

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*

>>jboss_enterprise_application_platform>>7.4

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*

>>enterprise_linux>>7.0

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

>>jboss_enterprise_application_platform>>7.2

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*

>>jboss_enterprise_application_platform>>7.3

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*

>>jboss_enterprise_application_platform>>7.4

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*

>>enterprise_linux>>6.0

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

>>jboss_enterprise_application_platform>>7.2

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*

>>jboss_enterprise_application_platform>>7.3

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*

>>enterprise_linux>>8.0

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

>>single_sign-on>>7.3

cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*

>>enterprise_linux>>7.0

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

>>single_sign-on>>7.3

cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*

>>enterprise_linux>>6.0

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

>>single_sign-on>>7.3

cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*

>>active_iq_unified_manager>>-

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*

>>active_iq_unified_manager>>-

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

>>active_iq_unified_manager>>-

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

Weaknesses

CWE ID	Type	Source
CWE-862	Primary	nvd@nist.gov
CWE-862	Secondary	secalert@redhat.com

References

Hyperlink	Source	Resource
https://access.redhat.com/errata/RHSA-2019:2935	secalert@redhat.com	Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:2936	secalert@redhat.com	Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:2937	secalert@redhat.com	Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:2938	secalert@redhat.com	Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:2998	secalert@redhat.com	Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3044	secalert@redhat.com	Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3045	secalert@redhat.com	Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3046	secalert@redhat.com	Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3050	secalert@redhat.com	Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0727	secalert@redhat.com	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184	secalert@redhat.com	Issue Tracking Vendor Advisory
https://github.com/undertow-io/undertow/pull/794	secalert@redhat.com	Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20220210-0016/	secalert@redhat.com	Third Party Advisory