CVE-2019-10184 MEDIUM

Vendor: Undertow-Io
Product: undertow
Weakness: CWE-862 · Missing authorization
Published: July 25, 2019
Last update: August 4, 2024

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Undertow before version 2.0.23.Final is vulnerable to an information leak. The directory structure of a web application can be predicted by sending requests without trailing slashes via the API.

Key dates

02 Disclosure timeline

July 25, 2019: CVE published
August 4, 2024: Record updated