CVE-2016-0793
WildFly has incomplete blacklist vulnerability
7.5
HIGH
CVSS 3.1
EPSS 30.0%
Description
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters.
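To make the defect concrete, here is an added Python illustration (not WildFly's own code) of a case-sensitive prefix blacklist next to a check that canonicalises the request path before comparing; it generalises a little beyond the lowercase case by also decoding percent-encoding, unifying slash styles and resolving dot segments. Assumed: the path is already context-relative (the webapp's context path stripped), and WEB-INF/META-INF are denied only at the application root.

```python
from urllib.parse import unquote

# Directories a servlet container must never serve directly.
PROTECTED_DIRS = ("WEB-INF", "META-INF")


def is_protected_naive(request_path):
    """Constructed weak check: exact-case prefix match only.

    On a case-insensitive filesystem (Windows) a request for
    /web-inf/web.xml still resolves to WEB-INF/web.xml, so this
    blacklist is incomplete.
    """
    return any(request_path.startswith("/" + d + "/") for d in PROTECTED_DIRS)


def canonical_segments(request_path):
    """Normalise a request path into case-folded path segments.

    Steps: percent-decode once, treat backslashes like slashes,
    drop empty and '.' segments, resolve '..' against the segments
    seen so far, and case-fold each segment so the comparison
    behaves like the case-insensitive filesystem underneath.
    """
    decoded = unquote(request_path).replace("\\", "/")
    segments = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg.casefold())
    return segments


def is_protected_hardened(request_path):
    """Deny if the canonical path starts inside a protected directory."""
    segments = canonical_segments(request_path)
    denied = {d.casefold() for d in PROTECTED_DIRS}
    return bool(segments) and segments[0] in denied


if __name__ == "__main__":
    for p in ("/WEB-INF/web.xml", "/web-inf/web.xml", "/index.html"):
        print(p, is_protected_naive(p), is_protected_hardened(p))
```

The naive check lets the lowercase spelling through while the hardened check denies it; comparing canonicalised segments rather than raw strings is the general fix, whatever the encoding trick.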
How to fix CVE-2016-0793
To remediate CVE-2016-0793, upgrade the affected package to a fixed version below.
- upgrade to 10.0.0.Final or later
- upgrade to 10.0.0.Final or later
Is CVE-2016-0793 being exploited?
Moderate — EPSS is 30.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 10.0.0.Final
- from 0, < 10.0.0.Final
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |