| Vulnerability ID | VCID-g1t4-yrv8-pfak |
|---|---|
| Aliases | CVE-2014-7816, GHSA-h6p6-fc4w-cqhx |
| Summary | Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow. Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI. |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 6.2 |
| Risk | 10.0 |
| Affected and Fixed Packages | Package Details |

| Data source | Metasploit |
|---|---|
| Description | This module exploits a directory traversal vulnerability found in the WildFly 8.1.0.Final web server running on port 8080, named JBoss Undertow. The vulnerability only affects Windows systems. |
| Note | Reliability: unknown-reliability; Stability: unknown-stability; SideEffects: unknown-side-effects |
| Ransomware campaign use | Unknown |
| Source publication date | Oct. 22, 2014 |
| Source URL | https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/http/wildfly_traversal.rb |
| Percentile | 0.97911 |
| EPSS Score | 0.54404 |
| Published At | July 31, 2025, 12:55 p.m. |

| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T09:08:53.994773+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h6p6-fc4w-cqhx/GHSA-h6p6-fc4w-cqhx.json | 37.0.0 |