CVE-2015-3198: The Undertow module of WildFly allows source code disclosure

CVSS Score (v3.0): 7.5

Basic Information

EPSS Score: 0.59447%
Published: 5/17/2022
Updated: 8/3/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name: org.wildfly:wildfly-parent
Ecosystem: maven
Vulnerable Versions: >= 8.1.0.Final, <= 9.0.0.CR1
First Patched Version: 9.0.0.CR2

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from Undertow's `DefaultServlet` not handling trailing slashes in JSP URLs. The fix (visible in WFLY-4595 and related PRs) added a path validation check in `DefaultServlet.service()` to reject requests whose path ends with '/'. The vulnerable versions lacked this check, so appending '/' to a JSP URL disclosed the JSP source. This matches the CWE-200 information-exposure pattern and is confirmed by community analysis showing the added `path.endsWith("/")` guard clause as the mitigation.
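The following is an added illustration of the mitigation pattern described above, written for this page; it is not the WildFly/Undertow fix and does not use Undertow internals. It is a plain `javax.servlet` filter (a hypothetical class named `TrailingSlashJspFilter`) that rejects requests whose path names a JSP but carries a trailing "/", so such a request never reaches the default servlet. The check is narrower than the `path.endsWith("/")` guard the advisory describes: it only refuses the JSP-with-trailing-slash shape, leaving ordinary directory requests alone. The sample paths in `main` are constructed for the demonstration.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Illustrative defence-in-depth filter (hypothetical, not the WildFly fix):
 * answer 404 to any request whose path is a JSP followed by a trailing "/",
 * the request shape that CVE-2015-3198 exploited to read JSP source.
 */
public class TrailingSlashJspFilter implements Filter {

    /** True when the path looks like "/something.jsp/" or "/something.jspx/". */
    static boolean isJspWithTrailingSlash(String path) {
        if (path == null || !path.endsWith("/")) {
            return false;
        }
        // Lower-case so "Page.JSP/" is caught too; cheap and safe for a deny rule.
        String withoutSlash = path.substring(0, path.length() - 1).toLowerCase();
        return withoutSlash.endsWith(".jsp") || withoutSlash.endsWith(".jspx");
    }

    @Override
    public void init(FilterConfig filterConfig) {
        // no configuration needed
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Use the raw request URI rather than a decoded/normalised form so the
        // trailing slash the client actually sent is what gets inspected.
        if (isJspWithTrailingSlash(request.getRequestURI())) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // nothing to release
    }

    /** Stand-alone check of the decision logic against constructed sample paths. */
    public static void main(String[] args) {
        String[] samples = {
            "/app/index.jsp/",   // rejected: JSP with trailing slash
            "/app/Page.JSP/",    // rejected: case-insensitive match
            "/app/index.jsp",    // passed: normal JSP request
            "/app/images/",      // passed: ordinary directory path
            "/app/view.jspx/"    // rejected: JSPX variant
        };
        for (String s : samples) {
            System.out.println(s + " -> " + (isJspWithTrailingSlash(s) ? "reject" : "pass"));
        }
    }
}
```

Register the filter in `web.xml` (or with `@WebFilter("/*")`) so it runs ahead of the default servlet. It is a compensating control for deployments that cannot move to a patched version; the upgrade to 9.0.0.CR2 or later remains the actual fix.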

WAF Protection Rules

WAF Rule

The Undertow module of WildFly versions 8.1.0.Final, 8.2.0.Final, 9.0.0.CR1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.