Directory traversal vulnerability allows access to arbitrary files. This can be triggered by using `dot dot` prefix to requested resource URI.

Refer to CVE-2014-7816 for more information.

Undertow issue is at UNDERTOW-338.

Note that at the time of filing this is under embargo until instructed by the original reporter.