VulnerableCode Package Details - pkg:rpm/redhat/eap7-wildfly-web-console-eap@2.9.16-2.Final_redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-bm42-byxp-2kb5 Aliases: CVE-2018-1067 GHSA-47mp-rq2x-wjf2	In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.	There are no reported fixed by versions.
VCID-fzrt-143x-tqdd Aliases: CVE-2018-8088 GHSA-w77p-8cfg-2x43	Improper Access Control in SLF4J org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.	There are no reported fixed by versions.
VCID-zku3-qq4e-7fes Aliases: CVE-2018-1047 GHSA-fmr4-w67p-vh8x	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-bm42-byxp-2kb5
Aliases:
CVE-2018-1067
GHSA-47mp-rq2x-wjf2

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.

There are no reported fixed by versions.

VCID-fzrt-143x-tqdd
Aliases:
CVE-2018-8088
GHSA-w77p-8cfg-2x43

Improper Access Control in SLF4J org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

There are no reported fixed by versions.

VCID-zku3-qq4e-7fes
Aliases:
CVE-2018-1047
GHSA-fmr4-w67p-vh8x

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:26:40.939808+00:00	RedHat Importer	Affected by	VCID-zku3-qq4e-7fes	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1047.json	38.0.0
2026-04-01T14:26:05.253750+00:00	RedHat Importer	Affected by	VCID-fzrt-143x-tqdd	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8088.json	38.0.0
2026-04-01T14:25:07.890998+00:00	RedHat Importer	Affected by	VCID-bm42-byxp-2kb5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json	38.0.0