CVE-2014-7816
23Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 25%
from disclosure to weapon0 days
Published on NVDDec 1
metasploitOct 22
exploitation probability
25%top 2% of all CVEs
observed exploitation
nono source reports it
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
Affected products
n/a · n/a