Vulnerability Description
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Wildfly Application Server | 10.0.0 |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-In
- https://bugzilla.redhat.com/show_bug.cgi?id=1305937Vendor Advisory
- https://security.netapp.com/advisory/ntap-20180215-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe
- https://www.exploit-db.com/exploits/39573/
- http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-In
- https://bugzilla.redhat.com/show_bug.cgi?id=1305937Vendor Advisory
- https://security.netapp.com/advisory/ntap-20180215-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe
- https://www.exploit-db.com/exploits/39573/
FAQ
What is CVE-2016-0793?
CVE-2016-0793 is a vulnerability with a CVSS score of 7.5 (HIGH). Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensiti...
How severe is CVE-2016-0793?
CVE-2016-0793 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-0793?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Wildfly Application Server, Microsoft Windows.