Vulnerability Details : CVE-2016-0793
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters.
Vulnerability category: Information leak
Products affected by CVE-2016-0793
- cpe:2.3:a:redhat:jboss_wildfly_application_server:10.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-0793
9.11%
Probability of exploitation activity in the next 30 days
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-0793
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-0793
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0793
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03784en_us
  HPESBHF03784 rev.1 - HPE B-Series SAN Network Advisor Software Running WildFly (formerly JBoss Application Server), Remote Disclosure of Information
- https://bugzilla.redhat.com/show_bug.cgi?id=1305937
  1305937 – (CVE-2016-0793) CVE-2016-0793 wildfly: WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass (Vendor Advisory)
- https://www.exploit-db.com/exploits/39573/
  Wildfly - 'WEB-INF' / 'META-INF' Information Disclosure via Filter Restriction Bypass
- http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-Information-Disclosure.html
  Wildfly Filter Restriction Bypass / Information Disclosure ≈ Packet Storm
- https://security.netapp.com/advisory/ntap-20180215-0001/
  CVE-2016-0793 Wildfly Vulnerability in NetApp Products | NetApp Product Security