CVE-2019-10184 — HIGH (7.5)

Q: What is CVE-2019-10184?

CVE-2019-10184 is a vulnerability with a CVSS score of 7.5 (HIGH). undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

Q: How severe is CVE-2019-10184?

CVE-2019-10184 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-10184?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Undertow, Redhat Jboss Data Grid, Redhat Jboss Enterprise Application Platform, Redhat Openshift Application Runtimes, Redhat Single Sign-On.

Vulnerability Description

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Undertow	< 2.0.23
Redhat	Jboss Data Grid	-
Redhat	Jboss Enterprise Application Platform	-
Redhat	Openshift Application Runtimes	-
Redhat	Single Sign-On	-
Redhat	Enterprise Linux	8.0
Netapp	Active Iq Unified Manager	-

Related Weaknesses (CWE)

CWE-862

References

https://access.redhat.com/errata/RHSA-2019:2935Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:2936Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:2937Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:2938Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:2998Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3044Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3045Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3046Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3050Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0727Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184Issue TrackingVendor Advisory
https://github.com/undertow-io/undertow/pull/794PatchThird Party Advisory
https://security.netapp.com/advisory/ntap-20220210-0016/Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2935Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:2936Vendor Advisory

FAQ

What is CVE-2019-10184?

CVE-2019-10184 is a vulnerability with a CVSS score of 7.5 (HIGH). undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

How severe is CVE-2019-10184?

CVE-2019-10184 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-10184?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Undertow, Redhat Jboss Data Grid, Redhat Jboss Enterprise Application Platform, Redhat Openshift Application Runtimes, Redhat Single Sign-On.