PT-2019-18131 · Wso2 · Wso2 Api Manager

Julien Oury–Nogues · Published 2019-05-21 · Updated 2019-05-23 · CVE-2019-6513

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

WSO2 API Manager version 2.6.0

Description

An issue was discovered that allows a logged-in user to upload any type of file as API documentation by changing the file extension to an allowed one.

Recommendations

For WSO2 API Manager version 2.6.0, consider restricting file uploads to only the necessary file types to minimize the risk of exploitation. As a temporary workaround, implement additional validation checks on uploaded files to ensure that each file's content matches the file type expected for its extension.
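
One way to implement the validation described in the recommendations, shown as an added example that is not WSO2 code: the upload is accepted only if its extension is on an allowlist and its leading bytes match that type's signature. The allowlist, the size limit, and the name `validate_upload` are assumptions made for illustration.

```python
import os

# Hypothetical allowlist: extension -> leading byte signatures of genuine files.
ALLOWED_SIGNATURES = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".docx": (b"PK\x03\x04",),  # OOXML documents are ZIP containers
}
MAX_BYTES = 5 * 1024 * 1024  # assumed upload size limit


def validate_upload(filename: str, content: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an uploaded documentation file."""
    # Keep only the final path component so directory parts are ignored.
    name = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in name:
        return False, "NUL byte in file name"
    ext = os.path.splitext(name)[1].lower()
    signatures = ALLOWED_SIGNATURES.get(ext)
    if signatures is None:
        return False, f"extension {ext or '(none)'} not allowed"
    if not content or len(content) > MAX_BYTES:
        return False, "empty or oversized file"
    # The extension alone is attacker-controlled; the content must agree with it.
    if not any(content.startswith(sig) for sig in signatures):
        return False, f"content does not match {ext}"
    return True, "ok"


# Constructed sample uploads (not taken from the advisory).
SAMPLES = [
    ("guide.pdf", b"%PDF-1.7\n1 0 obj\n"),
    ("guide.pdf", b"<html><body>not a PDF</body></html>"),  # renamed file
    ("logo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("page.jsp", b"<html></html>"),
]

if __name__ == "__main__":
    for fname, data in SAMPLES:
        print(fname, validate_upload(fname, data))
```

A matching signature does not prove a file is benign, so this check complements the extension allowlist rather than replacing it.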

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2019-6513

Affected Products

Wso2 Api Manager