CVE-2019-10184

Published: 25 July 2019

Undertow before version 2.0.23.Final is vulnerable to an information leak. The directory structure of web applications may be predicted through requests without trailing slashes via the API.

Priority

Low

CVSS 3 base score: 7.5

Status

Package: undertow
Launchpad, Ubuntu, Debian

Release: Status
Upstream: Needs triage
Ubuntu 21.10 (Impish Indri): Released (2.0.23-1)
Ubuntu 21.04 (Hirsute Hippo): Released (2.0.23-1)
Ubuntu 20.04 LTS (Focal Fossa): Released (2.0.23-1)
Ubuntu 18.04 LTS (Bionic Beaver): Needed
Ubuntu 16.04 ESM (Xenial Xerus): Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist