What is the severity of CVE-2015-3198?

CVE-2015-3198 has a moderate severity level as it can expose source code inadvertently.

How do I fix CVE-2015-3198?

To address CVE-2015-3198, upgrade to WildFly version 9.0.0.CR2 or later.

Which versions are affected by CVE-2015-3198?

CVE-2015-3198 affects WildFly versions from 8.1.0.Final up to 9.0.0.CR1.

What type of vulnerability is CVE-2015-3198?

CVE-2015-3198 is a source code disclosure vulnerability in the Undertow module of WildFly.

Vulnerability/
CVE-2015-3198

high

7.5

CWE

200

25/5/2015

21/7/2017

17/5/2022

6/8/2024

CVE-2015-3198: Infoleak

Q: Does CVE-2015-3198 affect Red Hat JBoss Enterprise Application Platform?

No, CVE-2015-3198 does not affect any versions of Red Hat JBoss Enterprise Application Platform.

First published: Mon May 25 2015(Updated: )

A flaw was reported in the Undertow module of WildFly that leaks the source code of a JSP page when a trailing slash (/) is added to the end of its URL. This issue did not affect any versions of Red Hat JBoss Enterprise Application Platform because this flaw only affects the Undertow web module; JBoss EAP uses JBoss Web.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
maven/org.wildfly:wildfly-parent	>=8.1.0.Final<=9.0.0.CR1	9.0.0.CR2
Red Hat JBoss WildFly Application Server	=9.0.0-beta1
Red Hat JBoss WildFly Application Server	=9.0.0-beta2
Red Hat JBoss WildFly Application Server	=9.0.0-cr1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-3198?
CVE-2015-3198 has a moderate severity level as it can expose source code inadvertently.
How do I fix CVE-2015-3198?
To address CVE-2015-3198, upgrade to WildFly version 9.0.0.CR2 or later.
Which versions are affected by CVE-2015-3198?
CVE-2015-3198 affects WildFly versions from 8.1.0.Final up to 9.0.0.CR1.
Does CVE-2015-3198 affect Red Hat JBoss Enterprise Application Platform?
No, CVE-2015-3198 does not affect any versions of Red Hat JBoss Enterprise Application Platform.
What type of vulnerability is CVE-2015-3198?
CVE-2015-3198 is a source code disclosure vulnerability in the Undertow module of WildFly.

collector/github-advisory
alias/GHSA-4vwv-x3gp-2j4g
alias/CVE-2015-3198
collector/github-advisory-latest
agent/author
agent/type
agent/first-publish-date
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/severity
collector/redhat-bugzilla
source/Red Hat
agent/event
agent/description
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/nvd-cve
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/maven
vendor/redhat
canonical/red hat jboss wildfly application server
version/red hat jboss wildfly application server/9.0.0-beta1
version/red hat jboss wildfly application server/9.0.0-beta2
version/red hat jboss wildfly application server/9.0.0-cr1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.