CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-3688

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.9%

CVSS Severity

CVSS v3 Score 4.8

References

Products affected by CVE-2021-3688

Redhat » Jboss Core Services Httpd » Version: N/A

cpe:2.3:a:redhat:jboss_core_services_httpd:-
Redhat » Jboss Core Services Httpd » Version: 2.4.23

cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.23
Redhat » Jboss Core Services Httpd » Version: 2.4.29

cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.29
Redhat » Jboss Core Services Httpd » Version: 2.4.37

cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-3688

Products

Pricing

Contact Us