Add CVE-2018-1048 to Jboss EAP
From https://nvd.nist.gov/vuln/detail/CVE-2018-1048
It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the
ALLOW_ENCODED_SLASHoption and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.
See https://gitlab.com/gitlab-org/gitlab-ee/issues/9266#note_188507237 cc @dansiviter