CVE-2021-3688 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-3688 PUBLISHED CVSS 4.800000190734863 MEDIUM

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

EPSS 0.27% · 50.3th percentile

Risk Scores

CVSS v3.1

4.800000190734863

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS Score

0.27%

50.3th percentile

Affected Products

Vendor	Product	Versions
redhat	jboss_core_services_httpd	0, 2.4.37, 2.4.37
n/a	Red Hat JBCS HTTP Server	Fixed in jbcs-httpd-2.4.37.SP10 GA

Timeline

Aug 26, 2022 CVE Published
Aug 27, 2022 EPSS Score
Oct 11, 2022 EPSS Score
Nov 25, 2022 EPSS Score
Jan 9, 2023 EPSS Score
Feb 23, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 9, 2023 EPSS Score
May 24, 2023 EPSS Score
Jul 8, 2023 EPSS Score
Aug 22, 2023 EPSS Score
Oct 6, 2023 EPSS Score

References

Open in Interactive Console →