CVE-2024-1459

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 12, 2024
Updated: May 15, 2024
CWE ID 24

Summary

CVE-2024-1459 is a newly disclosed vulnerability affecting Undertow, a component of JBoss Enterprise Application Platform (EAP). This issue involves a path traversal flaw, which can be exploited by remote attackers. By appending a malicious sequence to HTTP requests, they may gain unauthorized access to sensitive files and directories, potentially leading to privileged information disclosure or system compromise. This vulnerability poses a significant risk and requires prompt remediation.
