5

CVSS Score

Basic Information

CVE ID

CVE-2014-7816

GHSA ID

GHSA-h6p6-fc4w-cqhx

EPSS Score

0.97873%

CWE

CWE-22

Published

5/17/2022

Updated

1/27/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2014-7816

CVE-2014-7816: Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow

Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.

(GitHub Advisory)

5

CVSS Score

Basic Information

CVE ID

CVE-2014-7816

GHSA ID

GHSA-h6p6-fc4w-cqhx

EPSS Score

0.97873%

CWE

CWE-22

Published

5/17/2022

Updated

1/27/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
io.undertow:undertow-core	maven	>= 1.0.0, < 1.0.17	1.0.17
io.undertow:undertow-core	maven	>= 1.1.0.Beta1, <= 1.1.0.CR4	1.1.0.CR5
io.undertow:undertow-core	maven	>= 1.2.0.Beta1, <= 1.2.0.Beta2	1.2.0.Beta3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper path handling on Windows systems. The patches add explicit checks for system path separators in three critical locations:

ResourceHandler's serveResource - Directly processes resource requests
DefaultServlet's doGet - Handles static resource serving
ServletPathMatches' findWelcomeFile - Processes welcome file resolution

In unpatched versions, these functions would process paths containing Windows-style backslashes without proper normalization, allowing attackers to bypass directory traversal protections using alternate path separators. The vulnerable functions are directly involved in processing user-supplied URIs and resource resolution, making them key runtime detection points.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ir**tory tr*v*rs*l vuln*r**ility in J*oss Un**rtow *.*.x ***or* *.*.**, *.*.x ***or* *.*.*.*R*, *n* *.*.x ***or* *.*.*.**t**, w**n runnin* on Win*ows, *llows r*mot* *tt**k*rs to r*** *r*itr*ry *il*s vi* * .. (*ot *ot) in * r*sour** URI.

Reasoning

T** vuln*r**ility st*ms *rom improp*r p*t* **n*lin* on Win*ows syst*ms. T** p*t***s *** *xpli*it ****ks *or syst*m p*t* s*p*r*tors in t*r** *riti**l lo**tions: *. R*sour****n*l*r's s*rv*R*sour** - *ir**tly pro**ss*s r*sour** r*qu*sts *. ****ultS*rvl*

5

Basic Information

Concerned about an active attack path?

CVE-2014-7816: Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow

5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI