{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1459", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-02-12T20:12:13.991Z", "datePublished": "2024-02-12T20:30:03.768Z", "dateUpdated": "2025-10-24T14:25:34.241Z"}, "containers": {"cna": {"title": "Undertow: directory traversal vulnerability", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "2.3.12", "versionType": "custom"}], "packageName": "undertow", "collectionURL": "https://github.com/undertow-io/undertow", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-activemq-artemis", "defaultStatus": "affected", "versions": [{"version": "0:2.16.0-18.redhat_00052.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-apache-cxf", "defaultStatus": "affected", "versions": [{"version": "0:3.4.10-2.redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-eclipse-jgit", "defaultStatus": "affected", "versions": [{"version": "0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-elytron-web", "defaultStatus": "affected", "versions": [{"version": "0:1.9.4-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-hal-console", "defaultStatus": "affected", "versions": [{"version": "0:3.3.21-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-hibernate", "defaultStatus": "affected", "versions": [{"version": "0:5.3.36-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-infinispan", "defaultStatus": "affected", "versions": [{"version": "0:11.0.18-2.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-insights-java-client", "defaultStatus": "affected", "versions": [{"version": "0:1.1.2-1.redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jberet", "defaultStatus": "affected", "versions": [{"version": "0:1.3.9-3.SP3_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-annotations-api_1.3_spec", "defaultStatus": "affected", "versions": [{"version": "0:2.0.1-3.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-cert-helper", "defaultStatus": "affected", "versions": [{"version": "0:1.1.2-1.redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-remoting", "defaultStatus": "affected", "versions": [{"version": "0:5.0.27-4.SP2_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-server-migration", "defaultStatus": "affected", "versions": [{"version": "0:1.10.0-35.Final_redhat_00034.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-xnio-base", "defaultStatus": "affected", "versions": [{"version": "0:3.8.12-1.SP2_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jgroups-kubernetes", "defaultStatus": "affected", "versions": [{"version": "0:1.0.17-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-lucene-solr", "defaultStatus": "affected", "versions": [{"version": "0:5.5.5-6.redhat_2.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-undertow", "defaultStatus": "affected", "versions": [{"version": "0:2.2.30-1.SP1_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly", "defaultStatus": "affected", "versions": [{"version": "0:7.4.16-4.GA_redhat_00002.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly-elytron", "defaultStatus": "affected", "versions": [{"version": "0:1.15.22-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-activemq-artemis", "defaultStatus": "affected", "versions": [{"version": "0:2.16.0-18.redhat_00052.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-apache-cxf", "defaultStatus": "affected", "versions": [{"version": "0:3.4.10-2.redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-eclipse-jgit", "defaultStatus": "affected", "versions": [{"version": "0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-elytron-web", "defaultStatus": "affected", "versions": [{"version": "0:1.9.4-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-hal-console", "defaultStatus": "affected", "versions": [{"version": "0:3.3.21-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-hibernate", "defaultStatus": "affected", "versions": [{"version": "0:5.3.36-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-infinispan", "defaultStatus": "affected", "versions": [{"version": "0:11.0.18-2.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-insights-java-client", "defaultStatus": "affected", "versions": [{"version": "0:1.1.2-1.redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jberet", "defaultStatus": "affected", "versions": [{"version": "0:1.3.9-3.SP3_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-annotations-api_1.3_spec", "defaultStatus": "affected", "versions": [{"version": "0:2.0.1-3.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-cert-helper", "defaultStatus": "affected", "versions": [{"version": "0:1.1.2-1.redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-remoting", "defaultStatus": "affected", "versions": [{"version": "0:5.0.27-4.SP2_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-server-migration", "defaultStatus": "affected", "versions": [{"version": "0:1.10.0-35.Final_redhat_00034.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-xnio-base", "defaultStatus": "affected", "versions": [{"version": "0:3.8.12-1.SP2_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jgroups-kubernetes", "defaultStatus": "affected", "versions": [{"version": "0:1.0.17-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-lucene-solr", "defaultStatus": "affected", "versions": [{"version": "0:5.5.5-6.redhat_2.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-undertow", "defaultStatus": "affected", "versions": [{"version": "0:2.2.30-1.SP1_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly", "defaultStatus": "affected", "versions": [{"version": "0:7.4.16-4.GA_redhat_00002.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly-elytron", "defaultStatus": "affected", "versions": [{"version": "0:1.15.22-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-activemq-artemis", "defaultStatus": "affected", "versions": [{"version": "0:2.16.0-18.redhat_00052.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-apache-cxf", "defaultStatus": "affected", "versions": [{"version": "0:3.4.10-2.redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-eclipse-jgit", "defaultStatus": "affected", "versions": [{"version": "0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-elytron-web", "defaultStatus": "affected", "versions": [{"version": "0:1.9.4-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-hal-console", "defaultStatus": "affected", "versions": [{"version": "0:3.3.21-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-hibernate", "defaultStatus": "affected", "versions": [{"version": "0:5.3.36-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-infinispan", "defaultStatus": "affected", "versions": [{"version": "0:11.0.18-2.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-insights-java-client", "defaultStatus": "affected", "versions": [{"version": "0:1.1.2-1.redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jberet", "defaultStatus": "affected", "versions": [{"version": "0:1.3.9-3.SP3_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-annotations-api_1.3_spec", "defaultStatus": "affected", "versions": [{"version": "0:2.0.1-3.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-cert-helper", "defaultStatus": "affected", "versions": [{"version": "0:1.1.2-1.redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-remoting", "defaultStatus": "affected", "versions": [{"version": "0:5.0.27-4.SP2_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-server-migration", "defaultStatus": "affected", "versions": [{"version": "0:1.10.0-35.Final_redhat_00034.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-xnio-base", "defaultStatus": "affected", "versions": [{"version": "0:3.8.12-1.SP2_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jgroups-kubernetes", "defaultStatus": "affected", "versions": [{"version": "0:1.0.17-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-lucene-solr", "defaultStatus": "affected", "versions": [{"version": "0:5.5.5-6.redhat_2.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-undertow", "defaultStatus": "affected", "versions": [{"version": "0:2.2.30-1.SP1_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly", "defaultStatus": "affected", "versions": [{"version": "0:7.4.16-4.GA_redhat_00002.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly-elytron", "defaultStatus": "affected", "versions": [{"version": "0:1.15.22-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8.0"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-undertow", "defaultStatus": "affected", "versions": [{"version": "0:2.3.11-1.SP1_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-undertow", "defaultStatus": "affected", "versions": [{"version": "0:2.3.11-1.SP1_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Quarkus", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "io.quarkus/quarkus-undertow", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:quarkus:2"]}, {"vendor": "Red Hat", "product": "Red Hat Data Grid 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:jboss_data_grid:8"]}, {"vendor": "Red Hat", "product": "Red Hat Decision Manager 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_enterprise_brms_platform:7"]}, {"vendor": "Red Hat", "product": "Red Hat Fuse 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_fuse:7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_data_grid:7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Fuse 6", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_fuse:6"]}, {"vendor": "Red Hat", "product": "Red Hat Process Automation 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1674", "name": "RHSA-2024:1674", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1675", "name": "RHSA-2024:1675", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1676", "name": "RHSA-2024:1676", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2763", "name": "RHSA-2024:2763", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2764", "name": "RHSA-2024:2764", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1459", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475", "name": "RHBZ#2259475", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-01-18T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-24", "description": "Path Traversal: '../filedir'", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-24: Path Traversal: '../filedir'", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-01-18T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-18T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank AAIB IT Unix Team for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-10-24T14:25:34.241Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1459", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-13T15:51:43.437025Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:26.959Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1677", "name": "RHSA-2024:1677", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2763", "name": "RHSA-2024:2763", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2764", "name": "RHSA-2024:2764", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1459", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475", "name": "RHBZ#2259475", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20241122-0008/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-22T12:04:46.762Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1677", "name": "RHSA-2024:1677", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2763", "name": "RHSA-2024:2763", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2764", "name": "RHSA-2024:2764", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1459", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475", "name": "RHBZ#2259475", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20241122-0008/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-22T12:04:46.762Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1459", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-13T15:51:43.437025Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:43.135Z"}}], "cna": {"title": "Undertow: directory traversal vulnerability", "credits": [{"lang": "en", "value": "Red Hat would like to thank AAIB IT Unix Team for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "2.3.12", "versionType": "custom"}], "packageName": "undertow", "collectionURL": "https://github.com/undertow-io/undertow", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:2.16.0-18.redhat_00052.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-activemq-artemis", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:3.4.10-2.redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-apache-cxf", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-eclipse-jgit", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.9.4-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-elytron-web", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:3.3.21-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-hal-console", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:5.3.36-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-hibernate", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:11.0.18-2.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-infinispan", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.1.2-1.redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-insights-java-client", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.3.9-3.SP3_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jberet", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:2.0.1-3.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-annotations-api_1.3_spec", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.1.2-1.redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-cert-helper", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:5.0.27-4.SP2_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-remoting", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.10.0-35.Final_redhat_00034.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-server-migration", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:3.8.12-1.SP2_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-xnio-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.0.17-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jgroups-kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:5.5.5-6.redhat_2.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-lucene-solr", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:7.4.16-4.GA_redhat_00002.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.15.22-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-elytron", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:2.16.0-18.redhat_00052.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-activemq-artemis", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.4.10-2.redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-apache-cxf", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-eclipse-jgit", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.9.4-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-elytron-web", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.3.21-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-hal-console", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:5.3.36-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-hibernate", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:11.0.18-2.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-infinispan", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.1.2-1.redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-insights-java-client", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.3.9-3.SP3_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jberet", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:2.0.1-3.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-annotations-api_1.3_spec", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.1.2-1.redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-cert-helper", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:5.0.27-4.SP2_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-remoting", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.10.0-35.Final_redhat_00034.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-server-migration", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.8.12-1.SP2_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-xnio-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.0.17-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jgroups-kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:5.5.5-6.redhat_2.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-lucene-solr", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:7.4.16-4.GA_redhat_00002.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.15.22-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-elytron", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.16.0-18.redhat_00052.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-activemq-artemis", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:3.4.10-2.redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-apache-cxf", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-eclipse-jgit", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.9.4-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-elytron-web", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:3.3.21-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-hal-console", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:5.3.36-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-hibernate", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:11.0.18-2.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-infinispan", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.1.2-1.redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-insights-java-client", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.3.9-3.SP3_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jberet", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.0.1-3.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-annotations-api_1.3_spec", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.1.2-1.redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-cert-helper", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:5.0.27-4.SP2_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-remoting", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.10.0-35.Final_redhat_00034.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-server-migration", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:3.8.12-1.SP2_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-xnio-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.0.17-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jgroups-kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:5.5.5-6.redhat_2.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-lucene-solr", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:7.4.16-4.GA_redhat_00002.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.15.22-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-elytron", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8.0"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:2.3.11-1.SP1_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap8-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:2.3.11-1.SP1_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap8-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quarkus:2"], "vendor": "Red Hat", "product": "Red Hat build of Quarkus", "packageName": "io.quarkus/quarkus-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:8"], "vendor": "Red Hat", "product": "Red Hat Data Grid 8", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_brms_platform:7"], "vendor": "Red Hat", "product": "Red Hat Decision Manager 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jboss_fuse:7"], "vendor": "Red Hat", "product": "Red Hat Fuse 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:7"], "vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jboss_fuse:6"], "vendor": "Red Hat", "product": "Red Hat JBoss Fuse 6", "packageName": "undertow", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"], "vendor": "Red Hat", "product": "Red Hat Process Automation 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}], "timeline": [{"lang": "en", "time": "2024-01-18T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-18T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-01-18T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1674", "name": "RHSA-2024:1674", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1675", "name": "RHSA-2024:1675", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1676", "name": "RHSA-2024:1676", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2763", "name": "RHSA-2024:2763", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2764", "name": "RHSA-2024:2764", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1459", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475", "name": "RHBZ#2259475", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-24", "description": "Path Traversal: '../filedir'"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-10-24T14:25:34.241Z"}, "x_redhatCweChain": "CWE-24: Path Traversal: '../filedir'"}}, "cveMetadata": {"cveId": "CVE-2024-1459", "state": "PUBLISHED", "dateUpdated": "2025-10-24T14:25:34.241Z", "dateReserved": "2024-02-12T20:12:13.991Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-02-12T20:30:03.768Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:undertow:-:*:*:*:*:*:*:*", "matchCriteriaId": "8190B427-8350-43AE-8F54-6A40B701C95E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de path traversal en Undertow. Este problema puede permitir que un atacante remoto agregue una secuencia especialmente manipulada a una solicitud HTTP para una aplicaci\u00f3n implementada en JBoss EAP, lo que puede permitir el acceso a archivos y directorios privilegiados o restringidos."}], "id": "CVE-2024-1459", "lastModified": "2025-10-24T14:15:38.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-12T21:15:08.533", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1674"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1675"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1676"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2763"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2764"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-1459"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2764"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-1459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20241122-0008/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-24"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank AAIB IT Unix Team for reporting this issue.", "affected_release": [{"advisory": "RHSA-2024:1677", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "product_name": "Red Hat JBoss Enterprise Application Platform 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1675", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1676", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1674", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:2763", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "product_name": "Red Hat JBoss Enterprise Application Platform 8", "release_date": "2024-05-08T00:00:00Z"}, {"advisory": "RHSA-2024:2764", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2024-05-08T00:00:00Z"}, {"advisory": "RHSA-2024:2764", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-05-08T00:00:00Z"}], "bugzilla": {"description": "undertow: directory traversal vulnerability", "id": "2259475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-24", "details": ["A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-1459", "package_state": [{"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "io.quarkus/quarkus-undertow", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Will not fix", "package_name": "undertow", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2024-01-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-1459\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1459"], "threat_severity": "Moderate"}