Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2017-3734

Good to know:

icon
icon

Date: January 21, 2017

Affected versions of the package are vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server

Language: Java

Severity Score

Related Resources (3)

https://github.com/apache/httpcomponents-client/commit/0554271750599756d4946c0d7ba43d04b1a7b220
https://issues.apache.org/jira/browse/HTTPCLIENT-1803
https://www.mend.io/vulnerability-database/WS-2017-3734

Severity Score

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

icon

Upgrade Version

Upgrade to version titan-framework/sample-api - no_fix;mpa-portable - 1.9.0;cromwell - 40;cromwell - 0.29;womtool - 50;womtool - 53;logstash-binary - no_fix;vufind/vufind - dev-legacy/lbs4-daia;vufind/vufind - v3.1;vufind/vufind - dev-legacy/mink-autoretry;vufind/vufind - dev-release-5.0;vufind/vufind - dev-pullrequest_accessib_turn-my-account-menu-into-ul;eoulsan - 2.3;eoulsan - no_fix;mzmine - no_fix;fgbio - 0.2.0;fgbio - 0.4.0;owlready2 - 0.40;eslider/solr - no_fix;pepgenome - no_fix;wispiring/qcloudsms - no_fix;nextflow - 0.30.0;metanovo - no_fix;r-awr - 1.11.189_1;sirius-csifingerid - 4.9.3;JetBrains.Rider.Frontend4 - 202.0.20200820.182208;pyspark - 2.3.0;beakerx - no_fix;peptide-shaker - 1.16.26;peptide-shaker - 2.0.33;gsea - no_fix;titan-framework/sample-travel - no_fix;lvdd.ecProduct.service.api.clientSDK-1.0.0 - no_fix;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;io.hawt:hawtio-web:1.4.1;org.apache.activemq:artemis-console:2.10.0;org.apache.activemq:artemis-console:2.14.0;org.apache.activemq:artemis-console:2.10.1;org.apache.activemq:artemis-console:2.12.0;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.5.X;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-no-slf4j:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.5.X;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.2.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:no_fix;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.5.X;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-maven-indexer:1.4.1;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:2.0.0;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;org.apache.activemq.examples.rest:mixed-jms-rest:2.10.0;org.apache.activemq.examples.rest:mixed-jms-rest:2.12.0;org.apache.activemq.examples.rest:mixed-jms-rest:2.10.1;org.apache.activemq.examples.rest:mixed-jms-rest:2.14.0;org.apache.activemq.examples.rest:mixed-jms-rest:2.8.0;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:1.0.0.redhat-412;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:1.2.0.redhat-133;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:1.2.0.redhat-133;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.5.X;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.5.X;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;org.jboss.teiid.connectors:connector-ws:no_fix;org.overlord.sramp:s-ramp-distro-shell:no_fix;org.overlord.sramp:s-ramp-distro-shell:no_fix;org.riftsaw.console:switchyard-bpel-console-server:no_fix;org.riftsaw.console:switchyard-bpel-console-server:no_fix;org.riftsaw.console:switchyard-bpel-console-server:no_fix;org.riftsaw.console:switchyard-bpel-console-server:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:1.2.0.redhat-133;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;org.infinispan:infinispan-server-rest:6.0.2.Final;org.infinispan:infinispan-server-rest:9.0.0.Alpha1;org.infinispan:infinispan-server-rest:7.0.0.Alpha1;org.infinispan:infinispan-server-rest:9.0.0.Alpha1;org.infinispan:infinispan-server-rest:7.0.0.Alpha1;org.infinispan:infinispan-server-rest:7.0.0.Alpha1;org.jboss.bpm:gwt-console-server:no_fix;org.jboss.bpm:gwt-console-server:no_fix;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;io.hawt:hawtio-wildfly:1.4.48;org.apache.activemq.examples.rest:javascript-chat:2.8.0;org.apache.activemq.examples.rest:javascript-chat:2.14.0;org.apache.activemq.examples.rest:javascript-chat:2.12.0;org.apache.activemq.examples.rest:javascript-chat:2.10.1;org.apache.activemq.examples.rest:javascript-chat:2.10.0;org.apache.activemq.examples.rest:push:2.14.0;org.apache.activemq.examples.rest:push:2.12.0;org.apache.activemq.examples.rest:push:2.10.1;org.apache.activemq.examples.rest:push:2.8.0;org.apache.activemq.examples.rest:push:2.10.0;io.hawt:hawtio-karaf-terminal:1.5.X;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;io.hawt:hawtio-karaf-terminal:1.4.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.15.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.18.2;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.14.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.17.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.5.X;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-base:1.4.1;io.hawt:hawtio-base:1.4.1;io.hawt:hawtio-base:1.4.1;io.hawt:hawtio-base:1.4.1;io.hawt:hawtio-base:1.4.1;io.hawt:hawtio-base:1.4.1;io.hawt:hawtio-base:1.4.1;io.hawt:hawtio-base:1.5.X;io.hawt:hawtio-base:1.4.1;io.hawt:hawtio-base:1.4.1;io.hawt:hawtio-base:1.4.1;io.hawt:hawtio-base:1.4.1;io.hawt:hawtio-base:1.4.1;org.apache.activemq.examples.rest:dup-send:2.14.0;org.apache.activemq.examples.rest:dup-send:2.12.0;org.apache.activemq.examples.rest:dup-send:2.10.1;org.apache.activemq.examples.rest:dup-send:2.10.0;org.apache.activemq.examples.rest:dup-send:2.8.0;org.jboss.aerogear.unifiedpush:unifiedpush-server-eap:no_fix;org.amqphub.jca:resource-adapter-thorntail-example:no_fix;org.webjars.npm:nashorn-polyfill:no_fix;io.apiman:apiman-manager-api-war:1.2.1.Final;org.apache.httpcomponents:httpclient:4.5.3;org.apache.httpcomponents:httpclient:4.5.3;org.jboss.bpm:report-server:no_fix;org.webjars.npm:nashorn-babel-polyfill:no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): PHYSICAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us