Vulnerability details: VCID-zku3-qq4e-7fes
Vulnerability ID VCID-zku3-qq4e-7fes
Aliases CVE-2018-1047
GHSA-fmr4-w67p-vh8x
Summary Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
Status Published
Exploitability 0.5
Weighted Severity 7.7
Risk 3.9
Affected and Fixed Packages Package Details
Weaknesses (5)
System Score Found at
cvssv3.1 5.5 https://access.redhat.com/errata/RHSA-2018:1247
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:1247
cvssv3.1 5.5 https://access.redhat.com/errata/RHSA-2018:1248
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:1248
cvssv3.1 5.5 https://access.redhat.com/errata/RHSA-2018:1249
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:1249
cvssv3.1 5.5 https://access.redhat.com/errata/RHSA-2018:1251
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:1251
cvssv3.1 5.5 https://access.redhat.com/errata/RHSA-2018:2938
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:2938
cvssv3 8.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1047.json
cvssv3.1 5.5 https://access.redhat.com/security/cve/CVE-2018-1047
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2018-1047
epss 0.00176 https://api.first.org/data/v1/epss?cve=CVE-2018-1047
cvssv3.1 5.5 https://bugzilla.redhat.com/show_bug.cgi?id=1528361
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=1528361
cvssv3.1 5.5 https://github.com/advisories/GHSA-fmr4-w67p-vh8x
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fmr4-w67p-vh8x
generic_textual MODERATE https://github.com/advisories/GHSA-fmr4-w67p-vh8x
cvssv3.1 5.5 https://issues.jboss.org/browse/WFLY-9620
generic_textual MODERATE https://issues.jboss.org/browse/WFLY-9620
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2018-1047
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2018-1047
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2018:1247
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2018:1248
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2018:1249
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2018:1251
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2018:2938
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1047.json
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/security/cve/CVE-2018-1047
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=1528361
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/advisories/GHSA-fmr4-w67p-vh8x
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://issues.jboss.org/browse/WFLY-9620
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1047
Exploit Prediction Scoring System (EPSS)
Percentile 0.38951
EPSS Score 0.00176
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:48:06.813209+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly/wildfly-undertow/CVE-2018-1047.yml 38.0.0