{
  "threat_severity" : "Moderate",
  "public_date" : "2016-11-04T00:00:00Z",
  "bugzilla" : {
    "description" : "Spark: Directory traversal vulnerability in version 2.5",
    "id" : "1393607",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1393607"
  },
  "cvss" : {
    "cvss_base_score" : "5.0",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.", "A path traversal issue was found in Spark version 2.5 and potentially earlier versions. The vulnerability resides in the functionality to serve static files where there's no protection against directory traversal attacks. This could allow attackers access to private files including sensitive data." ],
  "affected_release" : [ {
    "product_name" : "Red Hat JBoss A-MQ 6.3",
    "release_date" : "2017-04-03T00:00:00Z",
    "advisory" : "RHSA-2017:0868",
    "cpe" : "cpe:/a:redhat:jboss_amq:6.3"
  }, {
    "product_name" : "Red Hat JBoss Fuse 6.3",
    "release_date" : "2017-04-03T00:00:00Z",
    "advisory" : "RHSA-2017:0868",
    "cpe" : "cpe:/a:redhat:jboss_fuse:6.3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat JBoss Fuse 6",
    "fix_state" : "Affected",
    "package_name" : "Camel",
    "cpe" : "cpe:/a:redhat:jboss_fuse:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-9177\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9177\nhttp://seclists.org/fulldisclosure/2016/Nov/13" ],
  "name" : "CVE-2016-9177",
  "csaw" : false
}