Directory traversal vulnerability allows access to arbitrary files. This can be triggered by using `dot dot` prefix to requested resource URI.
Refer to CVE-2014-7816 for more information.
Undertow issue is at UNDERTOW-338.
Note that at the time of filing this is under embargo until instructed by the original reporter.