Skip to content
GitLab
Explore
Sign in
Register
Commits on Source (3)
CVE-2018-1047,wildfly/undertow: Add link to pull request
· 95bdbe58
Markus Koschany
authored
Mar 02, 2018
95bdbe58
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker
· 9b4cc6d2
Markus Koschany
authored
Mar 02, 2018
9b4cc6d2
CVE-2017-7559,undertow: Fixed in 1.4.23-1.
· 4710fae5
Markus Koschany
authored
Mar 02, 2018
4710fae5
Show whitespace changes
Inline
Side-by-side
data/CVE/list
View file @
4710fae5
...
...
@@ -17736,6 +17736,8 @@ CVE-2018-1047 (A flaw was found in Wildfly 9.x. A path traversal vulnerability .
- undertow <unfixed> (bug #891929)
NOTE: https://issues.jboss.org/browse/WFLY-9620
NOTE: https://developer.jboss.org/thread/276826
NOTE: Fixed by https://github.com/wildfly/wildfly/pull/10748
NOTE: It looks more like an issue in WildFly. Not 100% sure though.
TODO: check, issue in undertow or WildFly?
CVE-2018-1046
RESERVED
...
...
@@ -49505,7 +49507,7 @@ CVE-2017-7560 (It was found that rhnsd PID files are created as world-writable t
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1480550
NOTE: Introduced by: https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e
CVE-2017-7559 (In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and ...)
- undertow
<unfixed>
(bug #885576)
- undertow
1.4.23-1
(bug #885576)
NOTE: CVE is for an incomplete fix of CVE-2017-2666
NOTE: Invalid characters were still allowed in the query string and path parameters.
NOTE: https://issues.jboss.org/browse/UNDERTOW-1251
