Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ntaz-sckf-mubx
Vulnerability ID VCID-ntaz-sckf-mubx
Aliases CVE-2014-7816
GHSA-h6p6-fc4w-cqhx
Summary Information disclosure via directory traversal Directory traversal vulnerability in this package when running on Windows, allows remote attackers to read arbitrary files via a `..` in a resource URI.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (6)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-20 Improper Input Validation
CWE-552 Files or Directories Accessible to External Parties
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.55155 https://api.first.org/data/v1/epss?cve=CVE-2014-7816
epss 0.55155 https://api.first.org/data/v1/epss?cve=CVE-2014-7816
epss 0.55155 https://api.first.org/data/v1/epss?cve=CVE-2014-7816
epss 0.55155 https://api.first.org/data/v1/epss?cve=CVE-2014-7816
epss 0.55155 https://api.first.org/data/v1/epss?cve=CVE-2014-7816
epss 0.55155 https://api.first.org/data/v1/epss?cve=CVE-2014-7816
epss 0.55155 https://api.first.org/data/v1/epss?cve=CVE-2014-7816
epss 0.55155 https://api.first.org/data/v1/epss?cve=CVE-2014-7816
epss 0.55155 https://api.first.org/data/v1/epss?cve=CVE-2014-7816
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=1157478
generic_textual MODERATE http://seclists.org/oss-sec/2014/q4/830
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-h6p6-fc4w-cqhx
generic_textual MODERATE https://issues.jboss.org/browse/UNDERTOW-338
generic_textual MODERATE https://issues.jboss.org/browse/WFLY-4020
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2014-7816
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2014-7816
generic_textual MODERATE http://www.securityfocus.com/bid/71328
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7816.json
https://api.first.org/data/v1/epss?cve=CVE-2014-7816
https://bugzilla.redhat.com/show_bug.cgi?id=1157478
http://seclists.org/oss-sec/2014/q4/830
https://issues.jboss.org/browse/UNDERTOW-338
https://issues.jboss.org/browse/WFLY-4020
https://nvd.nist.gov/vuln/detail/CVE-2014-7816
http://www.securityfocus.com/bid/71328
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:beta2:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:cr4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:cr4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CVE-2014-7816 https://bugzilla.redhat.com/CVE-2014-7816
GHSA-h6p6-fc4w-cqhx https://github.com/advisories/GHSA-h6p6-fc4w-cqhx
Data source Metasploit
Description This module exploits a directory traversal vulnerability found in the WildFly 8.1.0.Final web server running on port 8080, named JBoss Undertow. The vulnerability only affects to Windows systems.
Note 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date Oct. 22, 2014
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/http/wildfly_traversal.rb
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-7816
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.98042
EPSS Score 0.55155
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:46:55.310975+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2014-7816.yml 38.0.0