CVE-2015-3198

Published: Jul 21, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.

Affected (3)

Products: Redhat: Jboss Wildfly Application Server

1 product

Jboss Wildfly Application Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Wildfly Application Server	Version 9.0.0 beta1
Redhat Jboss Wildfly Application Server	Version 9.0.0 beta2
Redhat Jboss Wildfly Application Server	Version 9.0.0 cr1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

https://bugzilla.redhat.com/show_bug.cgi?id=1224787

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://developer.jboss.org/message/927301#927301

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://issues.jboss.org/browse/WFLY-4595

Source: secalert@redhat.com

Third Party Advisory

https://stackoverflow.com/questions/30028346/with-trailing-slash-in-url-jsp-show-source-code

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1224787

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://developer.jboss.org/message/927301#927301

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://issues.jboss.org/browse/WFLY-4595

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://stackoverflow.com/questions/30028346/with-trailing-slash-in-url-jsp-show-source-code

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.