CVE-2023-5257

Name of the Vulnerable Software and Affected Versions WhiteHSBG JNDIExploit version 1.4

Description A vulnerability was found in the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. This issue is related to insufficient restrictions on directory path names in the Java Naming and Directory Interface (JNDI) JNDIExploit tool.

Recommendations As a temporary workaround, consider disabling the handleFileRequest function until a patch is available. Restrict access to the HTTPServer.java file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.