First published: Wed Dec 19 2018
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, and in all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final: the Servlet container normalizes servletPath incorrectly by truncating the path after a semicolon, which may lead to an application mapping that results in a security bypass.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/eap7-activemq-artemis | <0:2.9.0-4.redhat_00010.1.el6ea | 0:2.9.0-4.redhat_00010.1.el6ea |
redhat/eap7-apache-cxf | <0:3.2.12-1.redhat_00001.1.el6ea | 0:3.2.12-1.redhat_00001.1.el6ea |
redhat/eap7-bouncycastle | <0:1.60.0-2.redhat_00002.1.el6ea | 0:1.60.0-2.redhat_00002.1.el6ea |
redhat/eap7-codehaus-jackson | <0:1.9.13-10.redhat_00007.1.el6ea | 0:1.9.13-10.redhat_00007.1.el6ea |
redhat/eap7-cryptacular | <0:1.2.4-1.redhat_00001.1.el6ea | 0:1.2.4-1.redhat_00001.1.el6ea |
redhat/eap7-glassfish-el | <0:3.0.1-5.b08_redhat_00004.1.el6ea | 0:3.0.1-5.b08_redhat_00004.1.el6ea |
redhat/eap7-glassfish-javamail | <0:1.6.2-2.redhat_00001.1.el6ea | 0:1.6.2-2.redhat_00001.1.el6ea |
redhat/eap7-glassfish-jsf | <0:2.3.5-10.SP3_redhat_00008.1.el6ea | 0:2.3.5-10.SP3_redhat_00008.1.el6ea |
redhat/eap7-hal-console | <0:3.0.21-1.Final_redhat_00001.1.el6ea | 0:3.0.21-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hibernate-commons-annotations | <0:5.0.5-1.Final_redhat_00002.1.el6ea | 0:5.0.5-1.Final_redhat_00002.1.el6ea |
redhat/eap7-hibernate-search | <0:5.10.7-1.Final_redhat_00001.1.el6ea | 0:5.10.7-1.Final_redhat_00001.1.el6ea |
redhat/eap7-httpcomponents-client | <0:4.5.4-1.redhat_00001.1.el6ea | 0:4.5.4-1.redhat_00001.1.el6ea |
redhat/eap7-httpcomponents-core | <0:4.4.5-1.redhat_00001.1.el6ea | 0:4.4.5-1.redhat_00001.1.el6ea |
redhat/eap7-jackson-databind | <0:2.9.10.2-2.redhat_00002.1.el6ea | 0:2.9.10.2-2.redhat_00002.1.el6ea |
redhat/eap7-jasypt | <0:1.9.3-1.redhat_00001.1.el6ea | 0:1.9.3-1.redhat_00001.1.el6ea |
redhat/eap7-javaee-security-soteria | <0:1.0.0-3.redhat_00002.1.el6ea | 0:1.0.0-3.redhat_00002.1.el6ea |
redhat/eap7-jaxbintros | <0:1.0.3-1.GA_redhat_00001.1.el6ea | 0:1.0.3-1.GA_redhat_00001.1.el6ea |
redhat/eap7-jboss-classfilewriter | <0:1.2.4-1.Final_redhat_00001.1.el6ea | 0:1.2.4-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-common-beans | <0:2.0.1-1.Final_redhat_00001.1.el6ea | 0:2.0.1-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-ejb-client | <0:4.0.31-1.Final_redhat_00001.1.el6ea | 0:4.0.31-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-invocation | <0:1.5.2-1.Final_redhat_00001.1.el6ea | 0:1.5.2-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-modules | <0:1.8.9-1.Final_redhat_00001.1.el6ea | 0:1.8.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-openjdk-orb | <0:8.1.4-3.Final_redhat_00002.1.el6ea | 0:8.1.4-3.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-remoting | <0:5.0.18-1.Final_redhat_00001.1.el6ea | 0:5.0.18-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-remoting-jmx | <0:3.0.4-1.Final_redhat_00001.1.el6ea | 0:3.0.4-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-security-negotiation | <0:3.0.6-1.Final_redhat_00001.1.el6ea | 0:3.0.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-server-migration | <0:1.3.1-10.Final_redhat_00011.1.el6ea | 0:1.3.1-10.Final_redhat_00011.1.el6ea |
redhat/eap7-jboss-threads | <0:2.3.3-1.Final_redhat_00001.1.el6ea | 0:2.3.3-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jbossws-common | <0:3.2.3-1.Final_redhat_00001.1.el6ea | 0:3.2.3-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jgroups | <0:4.0.20-2.Final_redhat_00002.1.el6ea | 0:4.0.20-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jgroups-azure | <0:1.2.1-1.Final_redhat_00001.1.el6ea | 0:1.2.1-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jgroups-kubernetes | <0:1.0.13-1.Final_redhat_00001.1.el6ea | 0:1.0.13-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana | <0:5.9.8-1.Final_redhat_00002.1.el6ea | 0:5.9.8-1.Final_redhat_00002.1.el6ea |
redhat/eap7-opensaml | <0:3.3.1-1.redhat_00002.1.el6ea | 0:3.3.1-1.redhat_00002.1.el6ea |
redhat/eap7-picketbox | <0:5.0.3-7.Final_redhat_00006.1.el6ea | 0:5.0.3-7.Final_redhat_00006.1.el6ea |
redhat/eap7-resteasy | <0:3.6.1-9.SP8_redhat_00001.1.el6ea | 0:3.6.1-9.SP8_redhat_00001.1.el6ea |
redhat/eap7-slf4j-jboss-logmanager | <0:1.0.4-1.GA_redhat_00001.1.el6ea | 0:1.0.4-1.GA_redhat_00001.1.el6ea |
redhat/eap7-smallrye-config | <0:1.3.6-1.SP01_redhat_00001.1.el6ea | 0:1.3.6-1.SP01_redhat_00001.1.el6ea |
redhat/eap7-smallrye-health | <0:1.0.2-2.redhat_00002.1.el6ea | 0:1.0.2-2.redhat_00002.1.el6ea |
redhat/eap7-undertow | <0:2.0.30-2.SP2_redhat_00001.1.el6ea | 0:2.0.30-2.SP2_redhat_00001.1.el6ea |
redhat/eap7-weld-cdi | <2.0-api-0:2.0.0-4.SP1_redhat_00004.1.el6ea | 2.0-api-0:2.0.0-4.SP1_redhat_00004.1.el6ea |
redhat/eap7-wildfly | <0:7.2.8-3.GA_redhat_00002.1.el6ea | 0:7.2.8-3.GA_redhat_00002.1.el6ea |
redhat/eap7-wildfly-elytron | <0:1.6.6-1.Final_redhat_00001.1.el6ea | 0:1.6.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-naming-client | <0:1.0.12-1.Final_redhat_00001.1.el6ea | 0:1.0.12-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-transaction-client | <0:1.1.10-1.Final_redhat_00001.1.el6ea | 0:1.1.10-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wss4j | <0:2.2.5-1.redhat_00001.1.el6ea | 0:2.2.5-1.redhat_00001.1.el6ea |
redhat/eap7-activemq-artemis | <0:2.9.0-4.redhat_00010.1.el7ea | 0:2.9.0-4.redhat_00010.1.el7ea |
redhat/eap7-apache-cxf | <0:3.2.12-1.redhat_00001.1.el7ea | 0:3.2.12-1.redhat_00001.1.el7ea |
redhat/eap7-bouncycastle | <0:1.60.0-2.redhat_00002.1.el7ea | 0:1.60.0-2.redhat_00002.1.el7ea |
redhat/eap7-codehaus-jackson | <0:1.9.13-10.redhat_00007.1.el7ea | 0:1.9.13-10.redhat_00007.1.el7ea |
redhat/eap7-cryptacular | <0:1.2.4-1.redhat_00001.1.el7ea | 0:1.2.4-1.redhat_00001.1.el7ea |
redhat/eap7-glassfish-el | <0:3.0.1-5.b08_redhat_00004.1.el7ea | 0:3.0.1-5.b08_redhat_00004.1.el7ea |
redhat/eap7-glassfish-javamail | <0:1.6.2-2.redhat_00001.1.el7ea | 0:1.6.2-2.redhat_00001.1.el7ea |
redhat/eap7-glassfish-jsf | <0:2.3.5-10.SP3_redhat_00008.1.el7ea | 0:2.3.5-10.SP3_redhat_00008.1.el7ea |
redhat/eap7-hal-console | <0:3.0.21-1.Final_redhat_00001.1.el7ea | 0:3.0.21-1.Final_redhat_00001.1.el7ea |
redhat/eap7-hibernate-commons-annotations | <0:5.0.5-1.Final_redhat_00002.1.el7ea | 0:5.0.5-1.Final_redhat_00002.1.el7ea |
redhat/eap7-hibernate-search | <0:5.10.7-1.Final_redhat_00001.1.el7ea | 0:5.10.7-1.Final_redhat_00001.1.el7ea |
redhat/eap7-httpcomponents-client | <0:4.5.4-1.redhat_00001.1.el7ea | 0:4.5.4-1.redhat_00001.1.el7ea |
redhat/eap7-httpcomponents-core | <0:4.4.5-1.redhat_00001.1.el7ea | 0:4.4.5-1.redhat_00001.1.el7ea |
redhat/eap7-jackson-databind | <0:2.9.10.2-2.redhat_00002.1.el7ea | 0:2.9.10.2-2.redhat_00002.1.el7ea |
redhat/eap7-jasypt | <0:1.9.3-1.redhat_00001.1.el7ea | 0:1.9.3-1.redhat_00001.1.el7ea |
redhat/eap7-javaee-security-soteria | <0:1.0.0-3.redhat_00002.1.el7ea | 0:1.0.0-3.redhat_00002.1.el7ea |
redhat/eap7-jaxbintros | <0:1.0.3-1.GA_redhat_00001.1.el7ea | 0:1.0.3-1.GA_redhat_00001.1.el7ea |
redhat/eap7-jboss-classfilewriter | <0:1.2.4-1.Final_redhat_00001.1.el7ea | 0:1.2.4-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-common-beans | <0:2.0.1-1.Final_redhat_00001.1.el7ea | 0:2.0.1-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-ejb-client | <0:4.0.31-1.Final_redhat_00001.1.el7ea | 0:4.0.31-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-invocation | <0:1.5.2-1.Final_redhat_00001.1.el7ea | 0:1.5.2-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-modules | <0:1.8.9-1.Final_redhat_00001.1.el7ea | 0:1.8.9-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-openjdk-orb | <0:8.1.4-3.Final_redhat_00002.1.el7ea | 0:8.1.4-3.Final_redhat_00002.1.el7ea |
redhat/eap7-jboss-remoting | <0:5.0.18-1.Final_redhat_00001.1.el7ea | 0:5.0.18-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-remoting-jmx | <0:3.0.4-1.Final_redhat_00001.1.el7ea | 0:3.0.4-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-security-negotiation | <0:3.0.6-1.Final_redhat_00001.1.el7ea | 0:3.0.6-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-server-migration | <0:1.3.1-10.Final_redhat_00011.1.el7ea | 0:1.3.1-10.Final_redhat_00011.1.el7ea |
redhat/eap7-jboss-threads | <0:2.3.3-1.Final_redhat_00001.1.el7ea | 0:2.3.3-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jbossws-common | <0:3.2.3-1.Final_redhat_00001.1.el7ea | 0:3.2.3-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jgroups | <0:4.0.20-2.Final_redhat_00002.1.el7ea | 0:4.0.20-2.Final_redhat_00002.1.el7ea |
redhat/eap7-jgroups-azure | <0:1.2.1-1.Final_redhat_00001.1.el7ea | 0:1.2.1-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jgroups-kubernetes | <0:1.0.13-1.Final_redhat_00001.1.el7ea | 0:1.0.13-1.Final_redhat_00001.1.el7ea |
redhat/eap7-narayana | <0:5.9.8-1.Final_redhat_00002.1.el7ea | 0:5.9.8-1.Final_redhat_00002.1.el7ea |
redhat/eap7-opensaml | <0:3.3.1-1.redhat_00002.1.el7ea | 0:3.3.1-1.redhat_00002.1.el7ea |
redhat/eap7-picketbox | <0:5.0.3-7.Final_redhat_00006.1.el7ea | 0:5.0.3-7.Final_redhat_00006.1.el7ea |
redhat/eap7-resteasy | <0:3.6.1-9.SP8_redhat_00001.1.el7ea | 0:3.6.1-9.SP8_redhat_00001.1.el7ea |
redhat/eap7-slf4j-jboss-logmanager | <0:1.0.4-1.GA_redhat_00001.1.el7ea | 0:1.0.4-1.GA_redhat_00001.1.el7ea |
redhat/eap7-smallrye-config | <0:1.3.6-1.SP01_redhat_00001.1.el7ea | 0:1.3.6-1.SP01_redhat_00001.1.el7ea |
redhat/eap7-smallrye-health | <0:1.0.2-2.redhat_00002.1.el7ea | 0:1.0.2-2.redhat_00002.1.el7ea |
redhat/eap7-undertow | <0:2.0.30-2.SP2_redhat_00001.1.el7ea | 0:2.0.30-2.SP2_redhat_00001.1.el7ea |
redhat/eap7-weld-cdi | <2.0-api-0:2.0.0-4.SP1_redhat_00004.1.el7ea | 2.0-api-0:2.0.0-4.SP1_redhat_00004.1.el7ea |
redhat/eap7-wildfly | <0:7.2.8-3.GA_redhat_00002.1.el7ea | 0:7.2.8-3.GA_redhat_00002.1.el7ea |
redhat/eap7-wildfly-elytron | <0:1.6.6-1.Final_redhat_00001.1.el7ea | 0:1.6.6-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-naming-client | <0:1.0.12-1.Final_redhat_00001.1.el7ea | 0:1.0.12-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-transaction-client | <0:1.1.10-1.Final_redhat_00001.1.el7ea | 0:1.1.10-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wss4j | <0:2.2.5-1.redhat_00001.1.el7ea | 0:2.2.5-1.redhat_00001.1.el7ea |
redhat/eap7-activemq-artemis | <0:2.9.0-4.redhat_00010.1.el8ea | 0:2.9.0-4.redhat_00010.1.el8ea |
redhat/eap7-apache-cxf | <0:3.2.12-1.redhat_00001.1.el8ea | 0:3.2.12-1.redhat_00001.1.el8ea |
redhat/eap7-bouncycastle | <0:1.60.0-2.redhat_00002.1.el8ea | 0:1.60.0-2.redhat_00002.1.el8ea |
redhat/eap7-codehaus-jackson | <0:1.9.13-10.redhat_00007.1.el8ea | 0:1.9.13-10.redhat_00007.1.el8ea |
redhat/eap7-cryptacular | <0:1.2.4-1.redhat_00001.1.el8ea | 0:1.2.4-1.redhat_00001.1.el8ea |
redhat/eap7-glassfish-el | <0:3.0.1-5.b08_redhat_00004.1.el8ea | 0:3.0.1-5.b08_redhat_00004.1.el8ea |
redhat/eap7-glassfish-javamail | <0:1.6.2-2.redhat_00001.1.el8ea | 0:1.6.2-2.redhat_00001.1.el8ea |
redhat/eap7-glassfish-jsf | <0:2.3.5-10.SP3_redhat_00008.1.el8ea | 0:2.3.5-10.SP3_redhat_00008.1.el8ea |
redhat/eap7-hal-console | <0:3.0.21-1.Final_redhat_00001.1.el8ea | 0:3.0.21-1.Final_redhat_00001.1.el8ea |
redhat/eap7-hibernate-commons-annotations | <0:5.0.5-1.Final_redhat_00002.1.el8ea | 0:5.0.5-1.Final_redhat_00002.1.el8ea |
redhat/eap7-hibernate-search | <0:5.10.7-1.Final_redhat_00001.1.el8ea | 0:5.10.7-1.Final_redhat_00001.1.el8ea |
redhat/eap7-httpcomponents-client | <0:4.5.4-1.redhat_00001.1.el8ea | 0:4.5.4-1.redhat_00001.1.el8ea |
redhat/eap7-httpcomponents-core | <0:4.4.5-1.redhat_00001.1.el8ea | 0:4.4.5-1.redhat_00001.1.el8ea |
redhat/eap7-jackson-databind | <0:2.9.10.2-2.redhat_00002.1.el8ea | 0:2.9.10.2-2.redhat_00002.1.el8ea |
redhat/eap7-jasypt | <0:1.9.3-1.redhat_00001.1.el8ea | 0:1.9.3-1.redhat_00001.1.el8ea |
redhat/eap7-javaee-security-soteria | <0:1.0.0-3.redhat_00002.1.el8ea | 0:1.0.0-3.redhat_00002.1.el8ea |
redhat/eap7-jaxbintros | <0:1.0.3-1.GA_redhat_00001.1.el8ea | 0:1.0.3-1.GA_redhat_00001.1.el8ea |
redhat/eap7-jboss-classfilewriter | <0:1.2.4-1.Final_redhat_00001.1.el8ea | 0:1.2.4-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-common-beans | <0:2.0.1-1.Final_redhat_00001.1.el8ea | 0:2.0.1-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-ejb-client | <0:4.0.31-1.Final_redhat_00001.1.el8ea | 0:4.0.31-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-invocation | <0:1.5.2-1.Final_redhat_00001.1.el8ea | 0:1.5.2-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-modules | <0:1.8.9-1.Final_redhat_00001.1.el8ea | 0:1.8.9-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-openjdk-orb | <0:8.1.4-3.Final_redhat_00002.1.el8ea | 0:8.1.4-3.Final_redhat_00002.1.el8ea |
redhat/eap7-jboss-remoting | <0:5.0.18-1.Final_redhat_00001.1.el8ea | 0:5.0.18-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-remoting-jmx | <0:3.0.4-1.Final_redhat_00001.1.el8ea | 0:3.0.4-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-security-negotiation | <0:3.0.6-1.Final_redhat_00001.1.el8ea | 0:3.0.6-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-server-migration | <0:1.3.1-10.Final_redhat_00011.1.el8ea | 0:1.3.1-10.Final_redhat_00011.1.el8ea |
redhat/eap7-jboss-threads | <0:2.3.3-1.Final_redhat_00001.1.el8ea | 0:2.3.3-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jbossws-common | <0:3.2.3-1.Final_redhat_00001.1.el8ea | 0:3.2.3-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jgroups | <0:4.0.20-2.Final_redhat_00002.1.el8ea | 0:4.0.20-2.Final_redhat_00002.1.el8ea |
redhat/eap7-jgroups-azure | <0:1.2.1-1.Final_redhat_00001.1.el8ea | 0:1.2.1-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jgroups-kubernetes | <0:1.0.13-1.Final_redhat_00001.1.el8ea | 0:1.0.13-1.Final_redhat_00001.1.el8ea |
redhat/eap7-narayana | <0:5.9.8-1.Final_redhat_00002.1.el8ea | 0:5.9.8-1.Final_redhat_00002.1.el8ea |
redhat/eap7-opensaml | <0:3.3.1-1.redhat_00002.1.el8ea | 0:3.3.1-1.redhat_00002.1.el8ea |
redhat/eap7-picketbox | <0:5.0.3-7.Final_redhat_00006.1.el8ea | 0:5.0.3-7.Final_redhat_00006.1.el8ea |
redhat/eap7-resteasy | <0:3.6.1-9.SP8_redhat_00001.1.el8ea | 0:3.6.1-9.SP8_redhat_00001.1.el8ea |
redhat/eap7-slf4j-jboss-logmanager | <0:1.0.4-1.GA_redhat_00001.1.el8ea | 0:1.0.4-1.GA_redhat_00001.1.el8ea |
redhat/eap7-smallrye-config | <0:1.3.6-1.SP01_redhat_00001.1.el8ea | 0:1.3.6-1.SP01_redhat_00001.1.el8ea |
redhat/eap7-smallrye-health | <0:1.0.2-2.redhat_00002.1.el8ea | 0:1.0.2-2.redhat_00002.1.el8ea |
redhat/eap7-undertow | <0:2.0.30-2.SP2_redhat_00001.1.el8ea | 0:2.0.30-2.SP2_redhat_00001.1.el8ea |
redhat/eap7-weld-cdi | <2.0-api-0:2.0.0-4.SP1_redhat_00004.1.el8ea | 2.0-api-0:2.0.0-4.SP1_redhat_00004.1.el8ea |
redhat/eap7-wildfly | <0:7.2.8-3.GA_redhat_00002.1.el8ea | 0:7.2.8-3.GA_redhat_00002.1.el8ea |
redhat/eap7-wildfly-elytron | <0:1.6.6-1.Final_redhat_00001.1.el8ea | 0:1.6.6-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-naming-client | <0:1.0.12-1.Final_redhat_00001.1.el8ea | 0:1.0.12-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-transaction-client | <0:1.1.10-1.Final_redhat_00001.1.el8ea | 0:1.1.10-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wss4j | <0:2.2.5-1.redhat_00001.1.el8ea | 0:2.2.5-1.redhat_00001.1.el8ea |
redhat/eap7-apache-cxf | <0:3.3.5-1.redhat_00001.1.el6ea | 0:3.3.5-1.redhat_00001.1.el6ea |
redhat/eap7-elytron-web | <0:1.6.1-1.Final_redhat_00001.1.el6ea | 0:1.6.1-1.Final_redhat_00001.1.el6ea |
redhat/eap7-glassfish-jaxb | <0:2.3.3-4.b02_redhat_00001.1.el6ea | 0:2.3.3-4.b02_redhat_00001.1.el6ea |
redhat/eap7-glassfish-jsf | <0:2.3.9-10.SP09_redhat_00001.1.el6ea | 0:2.3.9-10.SP09_redhat_00001.1.el6ea |
redhat/eap7-hal-console | <0:3.2.8-1.Final_redhat_00001.1.el6ea | 0:3.2.8-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hibernate | <0:5.3.16-1.Final_redhat_00001.1.el6ea | 0:5.3.16-1.Final_redhat_00001.1.el6ea |
redhat/eap7-infinispan | <0:9.4.18-1.Final_redhat_00001.1.el6ea | 0:9.4.18-1.Final_redhat_00001.1.el6ea |
redhat/eap7-ironjacamar | <0:1.4.20-1.Final_redhat_00001.1.el6ea | 0:1.4.20-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jackson-annotations | <0:2.10.3-1.redhat_00001.1.el6ea | 0:2.10.3-1.redhat_00001.1.el6ea |
redhat/eap7-jackson-core | <0:2.10.3-1.redhat_00001.1.el6ea | 0:2.10.3-1.redhat_00001.1.el6ea |
redhat/eap7-jackson-databind | <0:2.10.3-1.redhat_00001.1.el6ea | 0:2.10.3-1.redhat_00001.1.el6ea |
redhat/eap7-jackson-jaxrs-providers | <0:2.10.3-1.redhat_00001.1.el6ea | 0:2.10.3-1.redhat_00001.1.el6ea |
redhat/eap7-jackson-modules-base | <0:2.10.3-1.redhat_00001.1.el6ea | 0:2.10.3-1.redhat_00001.1.el6ea |
redhat/eap7-jackson-modules-java8 | <0:2.10.3-1.redhat_00001.1.el6ea | 0:2.10.3-1.redhat_00001.1.el6ea |
redhat/eap7-jaegertracing-jaeger-client-java | <0:0.34.3-1.redhat_00001.1.el6ea | 0:0.34.3-1.redhat_00001.1.el6ea |
redhat/eap7-jakarta-el | <0:3.0.3-1.redhat_00002.1.el6ea | 0:3.0.3-1.redhat_00002.1.el6ea |
redhat/eap7-jandex | <0:2.1.2-1.Final_redhat_00001.1.el6ea | 0:2.1.2-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-genericjms | <0:2.0.4-1.Final_redhat_00001.1.el6ea | 0:2.0.4-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-modules | <0:1.10.0-1.Final_redhat_00001.1.el6ea | 0:1.10.0-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-server-migration | <0:1.7.1-5.Final_redhat_00006.1.el6ea | 0:1.7.1-5.Final_redhat_00006.1.el6ea |
redhat/eap7-jboss-vfs | <0:3.2.15-1.Final_redhat_00001.1.el6ea | 0:3.2.15-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-weld | <3.1-api-0:3.1.0-6.SP2_redhat_00001.1.el6ea | 3.1-api-0:3.1.0-6.SP2_redhat_00001.1.el6ea |
redhat/eap7-microprofile-config | <0:1.4.0-1.redhat_00003.1.el6ea | 0:1.4.0-1.redhat_00003.1.el6ea |
redhat/eap7-microprofile-health | <0:2.2.0-1.redhat_00001.1.el6ea | 0:2.2.0-1.redhat_00001.1.el6ea |
redhat/eap7-microprofile-metrics | <0:2.3.0-1.redhat_00001.1.el6ea | 0:2.3.0-1.redhat_00001.1.el6ea |
redhat/eap7-microprofile-opentracing | <0:1.3.3-1.redhat_00001.1.el6ea | 0:1.3.3-1.redhat_00001.1.el6ea |
redhat/eap7-microprofile-rest-client | <0:1.4.0-1.redhat_00004.1.el6ea | 0:1.4.0-1.redhat_00004.1.el6ea |
redhat/eap7-picketlink-bindings | <0:2.5.5-23.SP12_redhat_00012.1.el6ea | 0:2.5.5-23.SP12_redhat_00012.1.el6ea |
redhat/eap7-resteasy | <0:3.11.2-3.Final_redhat_00002.1.el6ea | 0:3.11.2-3.Final_redhat_00002.1.el6ea |
redhat/eap7-smallrye-config | <0:1.6.2-3.redhat_00004.1.el6ea | 0:1.6.2-3.redhat_00004.1.el6ea |
redhat/eap7-smallrye-health | <0:2.2.0-1.redhat_00004.1.el6ea | 0:2.2.0-1.redhat_00004.1.el6ea |
redhat/eap7-smallrye-metrics | <0:2.4.0-1.redhat_00004.1.el6ea | 0:2.4.0-1.redhat_00004.1.el6ea |
redhat/eap7-smallrye-opentracing | <0:1.3.4-1.redhat_00004.1.el6ea | 0:1.3.4-1.redhat_00004.1.el6ea |
redhat/eap7-snakeyaml | <0:1.24.0-2.redhat_00001.1.el6ea | 0:1.24.0-2.redhat_00001.1.el6ea |
redhat/eap7-stax2-api | <0:4.2.0-1.redhat_00001.1.el6ea | 0:4.2.0-1.redhat_00001.1.el6ea |
redhat/eap7-sun-istack-commons | <0:3.0.10-1.redhat_00001.1.el6ea | 0:3.0.10-1.redhat_00001.1.el6ea |
redhat/eap7-undertow | <0:2.0.30-3.SP3_redhat_00001.1.el6ea | 0:2.0.30-3.SP3_redhat_00001.1.el6ea |
redhat/eap7-weld-core | <0:3.1.4-1.Final_redhat_00001.1.el6ea | 0:3.1.4-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly | <0:7.3.1-5.GA_redhat_00003.1.el6ea | 0:7.3.1-5.GA_redhat_00003.1.el6ea |
redhat/eap7-wildfly-elytron | <0:1.10.6-1.Final_redhat_00001.1.el6ea | 0:1.10.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-http-client | <0:1.0.20-1.Final_redhat_00001.1.el6ea | 0:1.0.20-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-transaction-client | <0:1.1.11-1.Final_redhat_00001.1.el6ea | 0:1.1.11-1.Final_redhat_00001.1.el6ea |
redhat/eap7-woodstox-core | <0:6.0.3-1.redhat_00001.1.el6ea | 0:6.0.3-1.redhat_00001.1.el6ea |
redhat/eap7-apache-cxf | <0:3.3.5-1.redhat_00001.1.el7ea | 0:3.3.5-1.redhat_00001.1.el7ea |
redhat/eap7-elytron-web | <0:1.6.1-1.Final_redhat_00001.1.el7ea | 0:1.6.1-1.Final_redhat_00001.1.el7ea |
redhat/eap7-glassfish-jaxb | <0:2.3.3-4.b02_redhat_00001.1.el7ea | 0:2.3.3-4.b02_redhat_00001.1.el7ea |
redhat/eap7-glassfish-jsf | <0:2.3.9-10.SP09_redhat_00001.1.el7ea | 0:2.3.9-10.SP09_redhat_00001.1.el7ea |
redhat/eap7-hal-console | <0:3.2.8-1.Final_redhat_00001.1.el7ea | 0:3.2.8-1.Final_redhat_00001.1.el7ea |
redhat/eap7-hibernate | <0:5.3.16-1.Final_redhat_00001.1.el7ea | 0:5.3.16-1.Final_redhat_00001.1.el7ea |
redhat/eap7-infinispan | <0:9.4.18-1.Final_redhat_00001.1.el7ea | 0:9.4.18-1.Final_redhat_00001.1.el7ea |
redhat/eap7-ironjacamar | <0:1.4.20-1.Final_redhat_00001.1.el7ea | 0:1.4.20-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jackson-annotations | <0:2.10.3-1.redhat_00001.1.el7ea | 0:2.10.3-1.redhat_00001.1.el7ea |
redhat/eap7-jackson-core | <0:2.10.3-1.redhat_00001.1.el7ea | 0:2.10.3-1.redhat_00001.1.el7ea |
redhat/eap7-jackson-databind | <0:2.10.3-1.redhat_00001.1.el7ea | 0:2.10.3-1.redhat_00001.1.el7ea |
redhat/eap7-jackson-jaxrs-providers | <0:2.10.3-1.redhat_00001.1.el7ea | 0:2.10.3-1.redhat_00001.1.el7ea |
redhat/eap7-jackson-modules-base | <0:2.10.3-1.redhat_00001.1.el7ea | 0:2.10.3-1.redhat_00001.1.el7ea |
redhat/eap7-jackson-modules-java8 | <0:2.10.3-1.redhat_00001.1.el7ea | 0:2.10.3-1.redhat_00001.1.el7ea |
redhat/eap7-jaegertracing-jaeger-client-java | <0:0.34.3-1.redhat_00001.1.el7ea | 0:0.34.3-1.redhat_00001.1.el7ea |
redhat/eap7-jakarta-el | <0:3.0.3-1.redhat_00002.1.el7ea | 0:3.0.3-1.redhat_00002.1.el7ea |
redhat/eap7-jandex | <0:2.1.2-1.Final_redhat_00001.1.el7ea | 0:2.1.2-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-genericjms | <0:2.0.4-1.Final_redhat_00001.1.el7ea | 0:2.0.4-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-modules | <0:1.10.0-1.Final_redhat_00001.1.el7ea | 0:1.10.0-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-server-migration | <0:1.7.1-5.Final_redhat_00006.1.el7ea | 0:1.7.1-5.Final_redhat_00006.1.el7ea |
redhat/eap7-jboss-vfs | <0:3.2.15-1.Final_redhat_00001.1.el7ea | 0:3.2.15-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-weld | <3.1-api-0:3.1.0-6.SP2_redhat_00001.1.el7ea | 3.1-api-0:3.1.0-6.SP2_redhat_00001.1.el7ea |
redhat/eap7-microprofile-config | <0:1.4.0-1.redhat_00003.1.el7ea | 0:1.4.0-1.redhat_00003.1.el7ea |
redhat/eap7-microprofile-health | <0:2.2.0-1.redhat_00001.1.el7ea | 0:2.2.0-1.redhat_00001.1.el7ea |
redhat/eap7-microprofile-metrics | <0:2.3.0-1.redhat_00001.1.el7ea | 0:2.3.0-1.redhat_00001.1.el7ea |
redhat/eap7-microprofile-opentracing | <0:1.3.3-1.redhat_00001.1.el7ea | 0:1.3.3-1.redhat_00001.1.el7ea |
redhat/eap7-microprofile-rest-client | <0:1.4.0-1.redhat_00004.1.el7ea | 0:1.4.0-1.redhat_00004.1.el7ea |
redhat/eap7-picketlink-bindings | <0:2.5.5-23.SP12_redhat_00012.1.el7ea | 0:2.5.5-23.SP12_redhat_00012.1.el7ea |
redhat/eap7-resteasy | <0:3.11.2-3.Final_redhat_00002.1.el7ea | 0:3.11.2-3.Final_redhat_00002.1.el7ea |
redhat/eap7-smallrye-config | <0:1.6.2-3.redhat_00004.1.el7ea | 0:1.6.2-3.redhat_00004.1.el7ea |
redhat/eap7-smallrye-health | <0:2.2.0-1.redhat_00004.1.el7ea | 0:2.2.0-1.redhat_00004.1.el7ea |
redhat/eap7-smallrye-metrics | <0:2.4.0-1.redhat_00004.1.el7ea | 0:2.4.0-1.redhat_00004.1.el7ea |
redhat/eap7-smallrye-opentracing | <0:1.3.4-1.redhat_00004.1.el7ea | 0:1.3.4-1.redhat_00004.1.el7ea |
redhat/eap7-snakeyaml | <0:1.24.0-2.redhat_00001.1.el7ea | 0:1.24.0-2.redhat_00001.1.el7ea |
redhat/eap7-stax2-api | <0:4.2.0-1.redhat_00001.1.el7ea | 0:4.2.0-1.redhat_00001.1.el7ea |
redhat/eap7-sun-istack-commons | <0:3.0.10-1.redhat_00001.1.el7ea | 0:3.0.10-1.redhat_00001.1.el7ea |
redhat/eap7-undertow | <0:2.0.30-3.SP3_redhat_00001.1.el7ea | 0:2.0.30-3.SP3_redhat_00001.1.el7ea |
redhat/eap7-weld-core | <0:3.1.4-1.Final_redhat_00001.1.el7ea | 0:3.1.4-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly | <0:7.3.1-5.GA_redhat_00003.1.el7ea | 0:7.3.1-5.GA_redhat_00003.1.el7ea |
redhat/eap7-wildfly-elytron | <0:1.10.6-1.Final_redhat_00001.1.el7ea | 0:1.10.6-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-http-client | <0:1.0.20-1.Final_redhat_00001.1.el7ea | 0:1.0.20-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-transaction-client | <0:1.1.11-1.Final_redhat_00001.1.el7ea | 0:1.1.11-1.Final_redhat_00001.1.el7ea |
redhat/eap7-woodstox-core | <0:6.0.3-1.redhat_00001.1.el7ea | 0:6.0.3-1.redhat_00001.1.el7ea |
redhat/eap7-apache-cxf | <0:3.3.5-1.redhat_00001.1.el8ea | 0:3.3.5-1.redhat_00001.1.el8ea |
redhat/eap7-elytron-web | <0:1.6.1-1.Final_redhat_00001.1.el8ea | 0:1.6.1-1.Final_redhat_00001.1.el8ea |
redhat/eap7-glassfish-jaxb | <0:2.3.3-4.b02_redhat_00001.1.el8ea | 0:2.3.3-4.b02_redhat_00001.1.el8ea |
redhat/eap7-glassfish-jsf | <0:2.3.9-10.SP09_redhat_00001.1.el8ea | 0:2.3.9-10.SP09_redhat_00001.1.el8ea |
redhat/eap7-hal-console | <0:3.2.8-1.Final_redhat_00001.1.el8ea | 0:3.2.8-1.Final_redhat_00001.1.el8ea |
redhat/eap7-hibernate | <0:5.3.16-1.Final_redhat_00001.1.el8ea | 0:5.3.16-1.Final_redhat_00001.1.el8ea |
redhat/eap7-infinispan | <0:9.4.18-1.Final_redhat_00001.1.el8ea | 0:9.4.18-1.Final_redhat_00001.1.el8ea |
redhat/eap7-ironjacamar | <0:1.4.20-1.Final_redhat_00001.1.el8ea | 0:1.4.20-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jackson-annotations | <0:2.10.3-1.redhat_00001.1.el8ea | 0:2.10.3-1.redhat_00001.1.el8ea |
redhat/eap7-jackson-core | <0:2.10.3-1.redhat_00001.1.el8ea | 0:2.10.3-1.redhat_00001.1.el8ea |
redhat/eap7-jackson-databind | <0:2.10.3-1.redhat_00001.1.el8ea | 0:2.10.3-1.redhat_00001.1.el8ea |
redhat/eap7-jackson-jaxrs-providers | <0:2.10.3-1.redhat_00001.1.el8ea | 0:2.10.3-1.redhat_00001.1.el8ea |
redhat/eap7-jackson-modules-base | <0:2.10.3-1.redhat_00001.1.el8ea | 0:2.10.3-1.redhat_00001.1.el8ea |
redhat/eap7-jackson-modules-java8 | <0:2.10.3-1.redhat_00001.1.el8ea | 0:2.10.3-1.redhat_00001.1.el8ea |
redhat/eap7-jaegertracing-jaeger-client-java | <0:0.34.3-1.redhat_00001.1.el8ea | 0:0.34.3-1.redhat_00001.1.el8ea |
redhat/eap7-jakarta-el | <0:3.0.3-1.redhat_00002.1.el8ea | 0:3.0.3-1.redhat_00002.1.el8ea |
redhat/eap7-jandex | <0:2.1.2-1.Final_redhat_00001.1.el8ea | 0:2.1.2-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-genericjms | <0:2.0.4-1.Final_redhat_00001.1.el8ea | 0:2.0.4-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-modules | <0:1.10.0-1.Final_redhat_00001.1.el8ea | 0:1.10.0-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-server-migration | <0:1.7.1-5.Final_redhat_00006.1.el8ea | 0:1.7.1-5.Final_redhat_00006.1.el8ea |
redhat/eap7-jboss-vfs | <0:3.2.15-1.Final_redhat_00001.1.el8ea | 0:3.2.15-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-weld | <3.1-api-0:3.1.0-6.SP2_redhat_00001.1.el8ea | 3.1-api-0:3.1.0-6.SP2_redhat_00001.1.el8ea |
redhat/eap7-microprofile-config | <0:1.4.0-1.redhat_00003.1.el8ea | 0:1.4.0-1.redhat_00003.1.el8ea |
redhat/eap7-microprofile-health | <0:2.2.0-1.redhat_00001.1.el8ea | 0:2.2.0-1.redhat_00001.1.el8ea |
redhat/eap7-microprofile-metrics | <0:2.3.0-1.redhat_00001.1.el8ea | 0:2.3.0-1.redhat_00001.1.el8ea |
redhat/eap7-microprofile-opentracing | <0:1.3.3-1.redhat_00001.1.el8ea | 0:1.3.3-1.redhat_00001.1.el8ea |
redhat/eap7-microprofile-rest-client | <0:1.4.0-1.redhat_00004.1.el8ea | 0:1.4.0-1.redhat_00004.1.el8ea |
redhat/eap7-picketlink-bindings | <0:2.5.5-23.SP12_redhat_00012.1.el8ea | 0:2.5.5-23.SP12_redhat_00012.1.el8ea |
redhat/eap7-resteasy | <0:3.11.2-3.Final_redhat_00002.1.el8ea | 0:3.11.2-3.Final_redhat_00002.1.el8ea |
redhat/eap7-smallrye-config | <0:1.6.2-3.redhat_00004.1.el8ea | 0:1.6.2-3.redhat_00004.1.el8ea |
redhat/eap7-smallrye-health | <0:2.2.0-1.redhat_00004.1.el8ea | 0:2.2.0-1.redhat_00004.1.el8ea |
redhat/eap7-smallrye-metrics | <0:2.4.0-1.redhat_00004.1.el8ea | 0:2.4.0-1.redhat_00004.1.el8ea |
redhat/eap7-smallrye-opentracing | <0:1.3.4-1.redhat_00004.1.el8ea | 0:1.3.4-1.redhat_00004.1.el8ea |
redhat/eap7-snakeyaml | <0:1.24.0-2.redhat_00001.1.el8ea | 0:1.24.0-2.redhat_00001.1.el8ea |
redhat/eap7-stax2-api | <0:4.2.0-1.redhat_00001.1.el8ea | 0:4.2.0-1.redhat_00001.1.el8ea |
redhat/eap7-sun-istack-commons | <0:3.0.10-1.redhat_00001.1.el8ea | 0:3.0.10-1.redhat_00001.1.el8ea |
redhat/eap7-undertow | <0:2.0.30-3.SP3_redhat_00001.1.el8ea | 0:2.0.30-3.SP3_redhat_00001.1.el8ea |
redhat/eap7-weld-core | <0:3.1.4-1.Final_redhat_00001.1.el8ea | 0:3.1.4-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly | <0:7.3.1-5.GA_redhat_00003.1.el8ea | 0:7.3.1-5.GA_redhat_00003.1.el8ea |
redhat/eap7-wildfly-elytron | <0:1.10.6-1.Final_redhat_00001.1.el8ea | 0:1.10.6-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-http-client | <0:1.0.20-1.Final_redhat_00001.1.el8ea | 0:1.0.20-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-transaction-client | <0:1.1.11-1.Final_redhat_00001.1.el8ea | 0:1.1.11-1.Final_redhat_00001.1.el8ea |
redhat/eap7-woodstox-core | <0:6.0.3-1.redhat_00001.1.el8ea | 0:6.0.3-1.redhat_00001.1.el8ea |
Redhat Undertow | <2.1.0 | |
Redhat Undertow | =2.0.0-sp1 | |
Redhat Undertow | =2.0.25-sp1 | |
Redhat Undertow | =2.0.26-sp3 | |
Redhat Undertow | =2.0.28-sp1 | |
Redhat Undertow | =2.0.28-sp2 | |
Redhat Jboss Data Grid | =7.0.0 | |
Redhat Jboss Enterprise Application Platform | =7.0.0 | |
Redhat Jboss Fuse | =6.0.0 | |
Redhat Jboss Fuse | =7.0.0 | |
Redhat Openshift Application Runtimes | | |
Redhat Single Sign-on | =7.0 | |
The issue can be mitigated by setting "alwaysUseFullPath" on UrlPathHelper so that it ignores the servletPath.