CVE-2024-1459 MEDIUM

CVE-2024-1459: Undertow: directory traversal vulnerability

Vendor Red Hat
Product Red Hat JBoss Enterprise Application Platform 8
Weakness CWE-24
Published February 12, 2024
Last update November 11, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.

Key dates

02 Disclosure timeline

February 12, 2024 CVE published
November 11, 2025 Record updated