Description
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
References
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:redhat:uberfire:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:uberfire:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:uberfire:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:uberfire:0.3.3:*:*:*:*:*:*:*
EPSS
Percentile: 82%
0.01771
Low
6.8 Medium
CVSS2
Weaknesses
CWE-264
Related vulnerabilities
redhat
almost 11 years ago
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.