CVE-2015-3198: Exposure of Sensitive Information to an Unauthorized Actor

May 17, 2022 (updated August 3, 2023)

The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a “/” at the end of a URL.

References

bugzilla.redhat.com/show_bug.cgi?id=1224787
developer.jboss.org/message/927301
github.com/advisories/GHSA-4vwv-x3gp-2j4g
issues.jboss.org/browse/WFLY-4595
nvd.nist.gov/vuln/detail/CVE-2015-3198
stackoverflow.com/questions/30028346/with-trailing-slash-in-url-jsp-show-source-code

Code Behaviors & Features

Detect and mitigate CVE-2015-3198 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →