PT-2018-10150 · Red Hat · Wildfly-Core

Sam Fowler · Published 2018-07-27 · Updated 2022-05-14 · CVE-2018-10862

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

WildFly Core versions prior to 6.0.0.Alpha3

Description

The issue arises from improper validation of file paths in .war archives: extracting a crafted .war archive can overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

Recommendations

For versions prior to 6.0.0.Alpha3, update to version 6.0.0.Alpha3 or later to resolve the issue.

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2018-10862
GHSA-W8R2-5J8X-X8J6
RHSA-2018:2276
RHSA-2018:2423
RHSA-2018:2424
RHSA-2018:2643

Affected Products

Wildfly-Core