PT-2018-10150 · Red Hat · Wildfly-Core

Sam Fowler · Published 2018-07-27 · Updated 2022-05-14 · CVE-2018-10862

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

WildFly Core versions prior to 6.0.0.Alpha3

Description

The issue arises from improper validation of file paths in .war archives, allowing crafted .war archives to be extracted and overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

Recommendations

For versions prior to 6.0.0.Alpha3, update to version 6.0.0.Alpha3 or later to resolve the issue.
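The path validation whose absence the description refers to can be shown as a pre-extraction check. The following is an added example, not WildFly Core's code or its fix; the class name, method names, target directory and the in-memory sample archive are all constructed for illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.util.*;
import java.util.zip.*;

public class ArchiveEntryCheck {

    // Returns the names of entries that would land outside targetDir if extracted.
    static List<String> escapingEntries(InputStream archive, Path targetDir) throws IOException {
        Path root = targetDir.toAbsolutePath().normalize();
        List<String> bad = new ArrayList<>();
        try (ZipInputStream zin = new ZipInputStream(archive)) {
            for (ZipEntry e; (e = zin.getNextEntry()) != null; ) {
                // Resolve the entry name against the target, collapse ".." segments,
                // then require the result to remain under the target directory.
                // An absolute entry name replaces the root on resolve() and is flagged too.
                Path dest = root.resolve(e.getName()).normalize();
                if (!dest.startsWith(root)) {
                    bad.add(e.getName());
                }
            }
        }
        return bad;
    }

    // Constructed sample input: a small in-memory archive with one ordinary entry
    // and one entry whose name climbs out of the extraction directory.
    static byte[] sampleArchive() throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream zout = new ZipOutputStream(buf)) {
            for (String name : new String[] {"WEB-INF/web.xml", "../../outside.txt"}) {
                zout.putNextEntry(new ZipEntry(name));
                zout.write("sample".getBytes("UTF-8"));
                zout.closeEntry();
            }
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        Path target = Paths.get("deployments", "app.war"); // hypothetical extraction directory
        List<String> bad = escapingEntries(new ByteArrayInputStream(sampleArchive()), target);
        if (bad.isEmpty()) {
            System.out.println("all entries stay inside " + target);
        } else {
            System.out.println("rejecting archive, entries escape " + target + ": " + bad);
        }
    }
}
```

Running the check before any file is written lets an archive be rejected as a whole instead of being partially extracted.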

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2018-10862
GHSA-W8R2-5J8X-X8J6
RHSA-2018:2276
RHSA-2018:2423
RHSA-2018:2424
RHSA-2018:2643

Affected Products

Wildfly-Core