VYPR
High severity 7.5 · NVD Advisory · Published Jan 24, 2018 · Updated Jun 17, 2026

CVE-2018-1048

Description

It was found that the AJP connector in Undertow, as shipped in JBoss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows slash / anti-slash characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbitrary local files.
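
A defender-side check for the condition the description names, as an added example that is not part of the advisory or of Undertow: it scans access-log request lines for a percent-encoded slash or backslash in the path, including nested encoding, and notes whether the decoded path contains a `..` segment. The log format, the sample lines, and the names `inspect_path`, `scan` and `MAX_ROUNDS` are assumptions made for the example.

```python
import re
from urllib.parse import unquote

ENCODED_SEP = re.compile(r"%(?:2f|5c)", re.IGNORECASE)  # encoded "/" or "\"
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')      # request line in an access log
MAX_ROUNDS = 3  # assumption: how many nested encodings (%252F ...) to unwrap

def inspect_path(target):
    """Return (depth, traversal) for a request target.
    depth: decode round where an encoded separator appears (1 = %2F/%5C as
    sent, 2 = %252F, ...), 0 if none. traversal: decoded path has a ".." segment."""
    path = target.split("?", 1)[0]  # encoded separators in the query are not path data
    depth, current = 0, path
    for round_no in range(1, MAX_ROUNDS + 1):
        if depth == 0 and ENCODED_SEP.search(current):
            depth = round_no
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    traversal = ".." in re.split(r"[/\\]", current)
    return depth, traversal

def scan(lines):
    """Return (line_no, target, depth, traversal) for requests with encoded separators."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m:
            depth, traversal = inspect_path(m.group(1))
            if depth:
                hits.append((line_no, m.group(1), depth, traversal))
    return hits

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jan/2018:10:00:01 +0000] "GET /static/app.css HTTP/1.1" 200 512',
    '192.0.2.10 - - [24/Jan/2018:10:00:02 +0000] "GET /login?next=%2Fhome HTTP/1.1" 200 734',
    '192.0.2.44 - - [24/Jan/2018:10:00:03 +0000] "GET /static/..%2f..%2fexample.txt HTTP/1.1" 404 0',
    '192.0.2.44 - - [24/Jan/2018:10:00:04 +0000] "GET /static/..%5Cexample.txt HTTP/1.1" 404 0',
    '192.0.2.44 - - [24/Jan/2018:10:00:05 +0000] "GET /static/%252e%252e%252fexample.txt HTTP/1.1" 404 0',
    '192.0.2.10 - - [24/Jan/2018:10:00:06 +0000] "GET /files/a%2Fb.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with `traversal` set to false, such as line 6 of the sample, still shows an encoded separator reaching the server and is worth reviewing on an affected version.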

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.jboss.eap:wildfly-undertow (Maven)
Affected versions: >= 7.1.0.GA, < 7.1.1.GA
Patched versions: 7.1.1.GA
