PT-2019-18131 · Wso2 · Wso2 Api Manager

Julien Oury–Nogues · Published 2019-05-21 · Updated 2019-05-23 · CVE-2019-6513

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager version 2.6.0

Description: An issue was discovered that allows a logged-in user to upload any type of file as API documentation by changing the file extension to an allowed one.

Recommendations: For WSO2 API Manager version 2.6.0, consider restricting file uploads to only necessary file types to minimize the risk of exploitation. As a temporary workaround, implement additional validation checks on uploaded files to ensure they match the expected file type based on the extension.
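
One way to implement the validation check recommended above, as an added example that is not WSO2 code and not part of the original advisory: the upload is accepted only when its extension is on an allow-list and its bytes carry that format's signature. The allow-list (`.pdf`, `.docx`), the function names and the sample uploads are assumptions made for illustration.

```python
import io
import os
import zipfile

def _is_pdf(data: bytes) -> bool:
    # PDF files begin with the "%PDF-" header.
    return data.startswith(b"%PDF-")

def _is_docx(data: bytes) -> bool:
    # DOCX is a ZIP container holding these two well-known members.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = set(archive.namelist())
    except zipfile.BadZipFile:
        return False
    return {"[Content_Types].xml", "word/document.xml"} <= names

# Assumed allow-list: the advisory does not name the permitted document types.
# Plain-text types carry no signature, so they are left off this list.
CONTENT_CHECKS = {".pdf": _is_pdf, ".docx": _is_docx}

def validate_upload(filename: str, data: bytes) -> tuple:
    """Accept a file only if its extension is allowed AND its bytes match it."""
    name = os.path.basename(filename.replace("\\", "/")).lower()
    ext = os.path.splitext(name)[1]
    check = CONTENT_CHECKS.get(ext)
    if check is None:
        return False, f"extension {ext or '(none)'} not allowed"
    if not check(data):
        return False, f"content does not match {ext}"
    return True, "ok"

def make_sample_docx() -> bytes:
    # Constructed minimal DOCX-shaped archive for the demo below.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
    return buf.getvalue()

# Constructed sample uploads (not taken from the advisory).
SAMPLES = [
    ("guide.pdf", b"%PDF-1.4\n% constructed sample\n"),
    ("guide.docx", make_sample_docx()),
    ("guide.pdf", b"#!/bin/sh\necho constructed\n"),  # script renamed to .pdf
    ("guide.sh", b"#!/bin/sh\necho constructed\n"),
]

if __name__ == "__main__":
    for fname, blob in SAMPLES:
        print(fname, validate_upload(fname, blob))
```

A signature match shows only that the file starts like the claimed format, so this check complements the extension allow-list rather than replacing it.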

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2019-6513

Affected Products

Wso2 Api Manager