Home > Vulnerability Database > CVE-2019-10184

Mend.io Vulnerability Database

CVE-2019-10184

Good to know:

Date: July 25, 2019

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

Language: Java

Severity Score

7.5

Related Resources (18)

Url: https://access.redhat.com/errata/RHSA-2019:3046

Url: https://access.redhat.com/errata/RHSA-2019:3045

Url: https://access.redhat.com/errata/RHSA-2019:3050

Url: https://access.redhat.com/errata/RHSA-2019:3044

Url: https://security.netapp.com/advisory/ntap-20220210-0016

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-10184

Url: https://security.netapp.com/advisory/ntap-20220210-0016/

Url: https://issues.redhat.com/browse/UNDERTOW-1578

Url: https://access.redhat.com/errata/RHSA-2020:0727

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184

Url: https://access.redhat.com/errata/RHSA-2019:2935

Url: https://access.redhat.com/errata/RHSA-2019:2998

Url: https://github.com/undertow-io/undertow/pull/794

Url: https://github.com/undertow-io/undertow/commit/5fa7ac68c0e4251c93056d9982db5e794e04ebfa

Url: https://access.redhat.com/errata/RHSA-2019:2938

Url: https://access.redhat.com/errata/RHSA-2019:2937

Url: https://access.redhat.com/errata/RHSA-2019:2936

Url: https://www.mend.io/vulnerability-database/CVE-2019-10184

Severity Score

7.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version 2.0.23.Final

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-10184

Good to know:

Date: July 25, 2019

Language: Java

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?