vulnerability

Red Hat JBoss EAP: CVE-2016-9878: Path Traversal

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Dec 21, 2016	Sep 19, 2024	Nov 26, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Dec 21, 2016

Added

Sep 19, 2024

Modified

Nov 26, 2025

Description

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.. It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct a directory traversal attacks.

Solution

red-hat-jboss-eap-upgrade-latest

References

CWE-22
CVE-2016-9878
https://attackerkb.com/topics/CVE-2016-9878
URL-https://access.redhat.com/security/cve/CVE-2016-9878
URL-https://bugzilla.redhat.com/show_bug.cgi?id=1408164
URL-https://pivotal.io/security/cve-2016-9878

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today