What is the severity of CVE-2019-10184?

CVE-2019-10184 is classified as a medium severity vulnerability due to its information leak potential.

How do I fix CVE-2019-10184?

To fix CVE-2019-10184, upgrade to Undertow version 2.0.23 or later.

What systems are affected by CVE-2019-10184?

CVE-2019-10184 affects Undertow versions prior to 2.0.23, as well as various Red Hat products using those versions.

What type of vulnerability is CVE-2019-10184?

CVE-2019-10184 is an information leakage vulnerability that allows directory structure prediction.

Is there a workaround for CVE-2019-10184?

There are no specific workarounds recommended for CVE-2019-10184; updating the software is the best course of action.

Vulnerability/
CVE-2019-10184

high

7.5

CWE

862

22/5/2019

24/7/2019

25/7/2019

1/8/2019

4/8/2024

CVE-2019-10184

First published: Wed May 22 2019(Updated: )

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

Credit: secalert@redhat.com

Remedy

https://github.com/undertow-io/undertow/pull/794

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2019-10184?
CVE-2019-10184 is classified as a medium severity vulnerability due to its information leak potential.
How do I fix CVE-2019-10184?
To fix CVE-2019-10184, upgrade to Undertow version 2.0.23 or later.
What systems are affected by CVE-2019-10184?
CVE-2019-10184 affects Undertow versions prior to 2.0.23, as well as various Red Hat products using those versions.
What type of vulnerability is CVE-2019-10184?
CVE-2019-10184 is an information leakage vulnerability that allows directory structure prediction.
Is there a workaround for CVE-2019-10184?
There are no specific workarounds recommended for CVE-2019-10184; updating the software is the best course of action.

collector/github-advisory-latest
alias/GHSA-w69w-jvc7-wjgv
alias/CVE-2019-10184
collector/github-advisory
collector/redhat-cve
agent/type
agent/first-publish-date
agent/severity
agent/references
agent/weakness
agent/remedy
agent/description
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-cve
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/maven
package-manager/redhat
vendor/redhat
canonical/red hat undertow
canonical/red hat jboss data grid
canonical/jboss enterprise application platform
version/jboss enterprise application platform/7.0.0
canonical/red hat openshift application runtimes
version/red hat openshift application runtimes/1.0
canonical/red hat single sign-on
version/red hat single sign-on/7.0
version/jboss enterprise application platform/7.2
version/jboss enterprise application platform/7.3
version/jboss enterprise application platform/7.4
canonical/red hat enterprise linux
version/red hat enterprise linux/8.0
version/red hat enterprise linux/7.0
version/red hat enterprise linux/6.0
version/red hat single sign-on/7.3
vendor/netapp
canonical/netapp active iq unified manager
canonical/netapp active iq unified manager for vmware vsphere