VYPR
Moderate severityNVD Advisory· Published Dec 1, 2014· Updated Jun 17, 2026

CVE-2014-7816

CVE-2014-7816

Description

Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.undertow:undertow-coreMaven
>= 1.0.0, < 1.0.171.0.17
io.undertow:undertow-coreMaven
>= 1.1.0.Beta1, < 1.1.0.CR51.1.0.CR5
io.undertow:undertow-coreMaven
>= 1.2.0.Beta1, < 1.2.0.Beta31.2.0.Beta3

Affected products

4
  • Red Hat/Undertow3 versions
    cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*range: <=1.0.16
    • cpe:2.3:a:redhat:undertow:*:beta2:*:*:*:*:*:*range: <=1.2.0
    • cpe:2.3:a:redhat:undertow:*:cr4:*:*:*:*:*:*range: <=1.1.0
  • ghsa-coords
    Range: >= 1.0.0, < 1.0.17

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.