CVE-2019-10184

Name: CVE-2019-10184
Description: undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| undertow (PTS) | bullseye, sid | 2.0.30-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| undertow | source | (unstable) | 2.0.23-1 | | | |

Notes

https://issues.jboss.org/browse/UNDERTOW-1578
https://github.com/undertow-io/undertow/pull/794
