Vulnerability details: VCID-eprt-d3h3-aaam
Vulnerability ID VCID-eprt-d3h3-aaam
Aliases CVE-2014-7816
GHSA-h6p6-fc4w-cqhx
Summary Information disclosure via directory traversal. A directory traversal vulnerability in this package, when running on Windows, allows remote attackers to read arbitrary files via a `..` in a resource URI.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Weaknesses (6)
System Score Found at
epss 0.04584 https://api.first.org/data/v1/epss?cve=CVE-2014-7816
epss 0.07596 https://api.first.org/data/v1/epss?cve=CVE-2014-7816
epss 0.54404 https://api.first.org/data/v1/epss?cve=CVE-2014-7816
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=1157478
generic_textual MODERATE http://seclists.org/oss-sec/2014/q4/830
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-h6p6-fc4w-cqhx
generic_textual MODERATE https://issues.jboss.org/browse/UNDERTOW-338
generic_textual MODERATE https://issues.jboss.org/browse/WFLY-4020
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2014-7816
generic_textual MODERATE http://www.securityfocus.com/bid/71328
Data source Metasploit
Description This module exploits a directory traversal vulnerability found in the WildFly 8.1.0.Final web server running on port 8080, named JBoss Undertow. The vulnerability only affects Windows systems.
Ransomware campaign use Unknown
Source publication date Oct. 22, 2014
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/http/wildfly_traversal.rb
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-7816
CVSS v2 metrics from the vector: Access Vector (AV) network; Access Complexity (AC) low; Authentication (Au) none; Confidentiality Impact (C) partial; Integrity Impact (I) none; Availability Impact (A) none. Exploitability (E) is not part of the vector.
Exploit Prediction Scoring System (EPSS)
Percentile 0.92743
EPSS Score 0.04584
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.