{"id":"CVE-2018-1047","details":"A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.","aliases":["GHSA-fmr4-w67p-vh8x"],"modified":"2026-03-20T11:24:54.432076Z","published":"2018-01-24T23:29:00.527Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2938"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1247"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1248"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1249"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1251"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1528361"},{"type":"REPORT","url":"https://issues.jboss.org/browse/WFLY-9620"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wildfly/wildfly","events":[{"introduced":"0"},{"last_affected":"bb382e0b0c80920ae33d9ef4bb568a28cc7e8477"},{"introduced":"0"},{"last_affected":"dd94d593ea684ed80e88f708d742f32cd321aec1"},{"introduced":"0"},{"last_affected":"4b6828ba90ba25d1c0f126d9c6fcd24c38472ec3"},{"introduced":"0"},{"last_affected":"89ba74569dbaafa2354d48d7586adf2d0887bc10"},{"introduced":"0"},{"last_affected":"b1ac71d52b504dbf740b13472b7c38852fa77eec"},{"introduced":"0"},{"last_affected":"56d0d601c396dcfca53e1fe1ab0322869f3e1dc3"},{"introduced":"0"},{"last_affected":"3fbeffe9495e0a7073eedd4a5bfb3a1de6d8f201"},{"introduced":"0"},{"last_affected":"f52e8d79b9eff90b8c063e1c96d1c37be746c807"},{"introduced":"0"},{"last_affected":"270c8e07135cca2eba43e00727bad171822aff70"},{"introduced":"0"},{"last_affected":"d71e1b2ee97e6d4c9b9e648031b0c85187c42e58"},{"introduced":"0"},{"last_affected":"1dd4c59a9f4d267583710fa324605e28bb35f73a"},{"introduced":"0"},{"last_affected":"b31edb322399608018e53d28df49b62cea042654"},{"introduced":"0"},{"last_affected":"a831af819cf422642eaece9d75e3b0379c2017a7"},{"introduced":"0"},{"last_affected":"1fadb169e89f1f7a6b16b1c398829dcd633bbb1c"},{"introduced":"0"},{"last_affected":"2320f4776a3bd3a6a7592209b207116607bd00c0"},{"introduced":"0"},{"last_affected":"286ec956ffd9ae730d960282b7a456fe649addcb"},{"introduced":"0"},{"last_affected":"80efb93b7cdb44b82efb212b1e18a9befff996d2"},{"introduced":"0"},{"last_affected":"8e8c168709dc8e2f8906782620646d26eca03eb9"},{"introduced":"0"},{"last_affected":"bee82ccf23eb87f2e9acf0a4e04b5ffa113f956b"},{"introduced":"0"},{"last_affected":"ef9dac9eb5c1bacfd6ff10b313a6f272019febb7"},{"introduced":"0"},{"last_affected":"2a1457307dbbc6c24111033c54f673f50da1666a"},{"introduced":"0"},{"last_affected":"c3332cec0c9bc5dc57899c2ae7ba26dd0c627686"},{"introduced":"0"},{"last_affected":"5f187399f3181045087e657b0b862dba58b67e6d"},{"introduced":"0"},{"last_affected":"4fd7bffaf2ee73201910684f2674aa1bced7fe81"},{"introduced":"0"},{"last_affected":"1299aae21ee19d2dc2f174b09b3d74e4faec7f9b"},{"introduced":"0"},{"last_affected":"d8c1480bb58de0f632a1942e9e659be06bc59dad"},{"introduced":"0"},{"last_affected":"95fa2360ea2f698378c730d40eb3ee3812f271a9"},{"introduced":"0"},{"last_affected":"b1a6c1fe7b2cea0f00227508f0c733c0a8e62fe3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.0.0"},{"introduced":"0"},{"last_affected":"9.0.0-beta1"},{"introduced":"0"},{"last_affected":"9.0.0-beta2"},{"introduced":"0"},{"last_affected":"9.0.0-cr1"},{"introduced":"0"},{"last_affected":"9.0.0-cr2"},{"introduced":"0"},{"last_affected":"9.0.1"},{"introduced":"0"},{"last_affected":"9.0.2"},{"introduced":"0"},{"last_affected":"10.0.0"},{"introduced":"0"},{"last_affected":"10.0.0-alpha1"},{"introduced":"0"},{"last_affected":"10.0.0-alpha2"},{"introduced":"0"},{"last_affected":"10.0.0-alpha3"},{"introduced":"0"},{"last_affected":"10.0.0-alpha4"},{"introduced":"0"},{"last_affected":"10.0.0-alpha5"},{"introduced":"0"},{"last_affected":"10.0.0-alpha6"},{"introduced":"0"},{"last_affected":"10.0.0-beta1"},{"introduced":"0"},{"last_affected":"10.0.0-beta2"},{"introduced":"0"},{"last_affected":"10.0.0-cr1"},{"introduced":"0"},{"last_affected":"10.0.0-cr2"},{"introduced":"0"},{"last_affected":"10.0.0-cr3"},{"introduced":"0"},{"last_affected":"10.0.0-cr4"},{"introduced":"0"},{"last_affected":"10.0.0-cr5"},{"introduced":"0"},{"last_affected":"10.1.0"},{"introduced":"0"},{"last_affected":"10.1.0-cr1"},{"introduced":"0"},{"last_affected":"11.0.0"},{"introduced":"0"},{"last_affected":"11.0.0-alpha1"},{"introduced":"0"},{"last_affected":"11.0.0-beta1"},{"introduced":"0"},{"last_affected":"11.0.0-cr1"},{"introduced":"0"},{"last_affected":"7.1.0"}]}}],"versions":["7.0.0.Alpha1","7.0.0.Alpha1-final","7.0.0.Beta1-prerelease","7.0.0.Beta2","7.0.0.Beta2-prerelease","7.0.0.Beta3","7.0.0.CR1","7.0.0.Final","7.0.0.Final-prerelease","7.0.0.Final-prerelease2","7.0.0.Final-prerelease3","7.1.0.Alpha1","7.1.0.Beta1","7.1.0.CR1","7.1.0.Final","7.1.0.Final-prerelease","7.1.0.Final-prerelease2","7.1.1.Final","7.1.2-prerelease","7.1.2.Final","7.2.0.Final","7.2.0.Final-prerelease1","8.0.0.Alpha1","8.0.0.Alpha2","8.0.0.Alpha3","8.0.0.Alpha4","8.0.0.Beta1","8.0.0.CR1","8.0.0.Final","8.1.0.CR1","8.1.0.CR2","9.0.0.Beta1","9.0.0.Beta2","9.0.0.CR1","9.0.0.CR2","9.0.0.Final"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1047.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0.0-alpha1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}