Description
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
Vulnerable configurations
Configuration 1
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
Configuration 2
All of
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Configuration 3
All of
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Configuration 4 (versions up to and including 5.0.0)
One of
cpe:2.3:a:redhat:wildfly_core:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly_core:6.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly_core:6.0.0:alpha2:*:*:*:*:*:*
EPSS
Percentile: 55%
0.00325
Low
CVSS3: 5.5 Medium
CVSS2: 4.9 Medium
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 7.6
redhat
more than 7 years ago
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
CVSS3: 5.5
debian
more than 7 years ago
WildFly Core before version 6.0.0.Alpha3 does not properly validate fi ...
CVSS3: 5.5
github
more than 3 years ago
Improper Limitation of a Pathname to a Restricted Directory in WildFly