What is CVE-2014-7816?

CVE-2014-7816 is a vulnerability in Microsoft Windows, classified under Path Traversal. Published 2014-12-01.

Is CVE-2014-7816 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Microsoft Windows

CVE-2014-7816

Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.552 (98.1th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows
Redhat Undertow
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
71328 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
[oss-security] 20141126 CVE-2014-7816 Undertow (on Windows): Information disclosure via directory traversal (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2014-7816?: CVE-2014-7816 is a vulnerability in Microsoft Windows, classified under Path Traversal. Published 2014-12-01.
Is CVE-2014-7816 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.