VYPR

Maven package

org.jboss.eap/wildfly-undertow

pkg:maven/org.jboss.eap/wildfly-undertow

Vulnerabilities (2)

  • CVE-2018-1067 (Medium) May 21, 2018
    affected: < 7.1.2.GA; fixed: 7.1.2.GA

    In Undertow before versions 7.1.2.CR1 and 7.1.2.GA, it was found that the fix for CVE-2016-4993 was incomplete: the Undertow web server is still vulnerable to the injection of arbitrary HTTP headers, and to response splitting, due to insufficient sanitization and validation of user input.

  • CVE-2018-1048 (High) Jan 24, 2018
    affected: >= 7.1.0.GA, < 7.1.1.GA; fixed: 7.1.1.GA

    It was found that the AJP connector in Undertow, as shipped in JBoss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows slash / anti-slash (backslash) characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbi
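
The following is an added illustration of the two bug classes described in the entries above. It is not Undertow's or JBoss EAP's code: the class, method and variable names are hypothetical, the inputs are constructed, and the `allowEncodedSlash` flag merely stands in for the ALLOW_ENCODED_SLASH option named in CVE-2018-1048. The first pair of methods shows how a CRLF inside a header value splits a response and the check that rejects it (CVE-2018-1067); the second pair shows how decoding %2F / %5C before treating the string as a path lets a request escape the document root, and a resolver that refuses encoded separators and then checks containment (CVE-2018-1048).

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;

/**
 * Hypothetical illustration of the bug classes in CVE-2018-1067 and CVE-2018-1048.
 * Not Undertow / JBoss EAP code. Requires Java 10+ (URLDecoder.decode(String, Charset)).
 */
public class UndertowCveChecks {

    /* ---- CVE-2018-1067: header injection / response splitting ---- */

    /** A header value may not contain CR, LF, NUL or other control characters (HTAB excepted). */
    static boolean isSafeHeaderValue(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r' || c == '\n' || c == '\0') return false;
            if (c < 0x20 && c != '\t') return false;
            if (c == 0x7f) return false;
        }
        return true;
    }

    /** Vulnerable: serializes the value as-is, so an embedded CRLF becomes a new header (or a new response). */
    static String naiveRedirectHead(String location) {
        return "HTTP/1.1 302 Found\r\nLocation: " + location + "\r\nContent-Length: 0\r\n\r\n";
    }

    /** Hardened: validate before serializing; rejecting is safer than silently stripping or encoding. */
    static String safeRedirectHead(String location) {
        if (!isSafeHeaderValue(location)) {
            throw new IllegalArgumentException("control character in header value");
        }
        return naiveRedirectHead(location);
    }

    /* ---- CVE-2018-1048: percent-encoded slash / backslash in the request path ---- */

    /** Vulnerable: decodes first, then treats the decoded string as a path, so %2F and %5C act as separators. */
    static Path naiveResolve(Path root, String rawPath) {
        String decoded = URLDecoder.decode(rawPath, StandardCharsets.UTF_8);
        return root.resolve(decoded.replaceFirst("^/+", "")).normalize();
    }

    /**
     * Hardened: unless encoded separators are explicitly permitted (the stand-in for an
     * "allow encoded slash" option), reject %2F and %5C before decoding; reject backslash and NUL
     * after decoding; finally require the normalized result to stay under the document root.
     * Returns null when the request is rejected.
     */
    static Path hardenedResolve(Path root, String rawPath, boolean allowEncodedSlash) {
        String lower = rawPath.toLowerCase(Locale.ROOT);
        if (!allowEncodedSlash && (lower.contains("%2f") || lower.contains("%5c"))) {
            return null;
        }
        // URLDecoder is form decoding ('+' becomes a space); used here for brevity only.
        String decoded = URLDecoder.decode(rawPath, StandardCharsets.UTF_8);
        if (decoded.indexOf('\\') >= 0 || decoded.indexOf('\0') >= 0) {
            return null;
        }
        Path resolved = root.resolve(decoded.replaceFirst("^/+", "")).normalize();
        return resolved.startsWith(root) ? resolved : null;
    }

    public static void main(String[] args) {
        // Constructed inputs, not captured traffic.
        String injected = "/home\r\nSet-Cookie: session=attacker";
        System.out.println(naiveRedirectHead(injected).contains("\r\nSet-Cookie:")); // true: header injected
        try {
            safeRedirectHead(injected);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        Path root = Paths.get("/var/www").toAbsolutePath().normalize();
        String traversal = "/..%2F..%2Fetc%2Fpasswd";
        System.out.println(naiveResolve(root, traversal));                  // /etc/passwd: escaped the root
        System.out.println(hardenedResolve(root, traversal, false));        // null: encoded separator rejected
        System.out.println(hardenedResolve(root, traversal, true));         // null: containment check catches it
        System.out.println(hardenedResolve(root, "/img/logo.png", false));  // /var/www/img/logo.png
    }
}
```

The order of operations in `hardenedResolve` is the point: any check that runs on the raw path (a prefix or "../" match) is bypassed once a later stage decodes %2F into a separator, so either the encoded separator is refused up front or the containment check must run on the fully decoded, normalized path. For the header case, note that the check is applied to the value an application supplies, which is where the redirect target or cookie value originates; validating at serialization time is what closes the class regardless of which handler produced the value.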