Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms.
An incomplete-blacklist flaw was found in the blacklisting of URLs in WildFly. This vulnerability in the servlet filter restriction mechanism allows remote, unauthenticated attackers to read sensitive files in the WEB-INF or META-INF directory via a request that contains lowercase or arbitrary characters.
Affected Versions:
WildFly (formerly JBoss Application Server) prior to 10.0.0.Final on Windows
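The incomplete-blacklist pattern described above, as an added example for log review that is not part of the original advisory and is not WildFly's own code. It compares an exact-case path check with a case-insensitive one and reports requests that were served although only the second check would have blocked them. The log format, function names and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

PROTECTED = ("WEB-INF", "META-INF")

# Constructed access-log lines (combined-log style); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2016:10:00:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2016:10:00:01 +0000] "GET /app/WEB-INF/web.xml HTTP/1.1" 404 0
203.0.113.5 - - [01/Jan/2016:10:00:02 +0000] "GET /app/web-inf/web.xml HTTP/1.1" 200 1830
203.0.113.5 - - [01/Jan/2016:10:00:03 +0000] "GET /app/Meta-Inf/MANIFEST.MF HTTP/1.1" 200 97
203.0.113.5 - - [01/Jan/2016:10:00:04 +0000] "GET /app/docs/web-info.html HTTP/1.1" 200 2048
"""

# Assumed log layout: "METHOD target HTTP/x.y" followed by the status code.
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def segments(target):
    """Percent-decode the request path and split it into path segments."""
    return [s for s in unquote(urlsplit(target).path).split("/") if s]


def exact_case_blocked(target):
    """Incomplete blacklist: compares segments byte for byte (the flawed pattern)."""
    return any(s in PROTECTED for s in segments(target))


def casefold_blocked(target):
    """Hardened check: case-insensitive, as a Windows file system resolves names."""
    protected = {p.casefold() for p in PROTECTED}
    return any(s.casefold() in protected for s in segments(target))


def find_bypasses(log_text):
    """Return (target, status) for served requests only the hardened check catches."""
    hits = []
    for m in REQUEST.finditer(log_text):
        target, status = m.group(1), int(m.group(2))
        if status == 200 and casefold_blocked(target) and not exact_case_blocked(target):
            hits.append((target, status))
    return hits


if __name__ == "__main__":
    for target, status in find_bypasses(SAMPLE_LOG):
        print(status, target)
```

A non-empty result on a Windows host running an affected version is a reason to review which files under those directories were returned.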
Vulnerability impact
Successful exploitation allows an unauthenticated, remote attacker to gain access to sensitive files on a targeted server.
Solution
Customers are advised to install Red Hat WildFly 10.0.0.Final or later to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities: