Description
The UberFire Framework 0.3.x does not properly restrict the file-system paths it builds from client-supplied input (a path traversal weakness in its file servlets). This allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet, where the unrestricted path lets the attacker choose where the uploaded file is written, or (2) read arbitrary files via vectors involving FileDownloadServlet, where the unrestricted path lets the attacker choose which file is returned.
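The following is an added example, not code from UberFire or from its fix; it shows the unsafe pattern the advisory describes (joining a client-controlled name onto a base directory without confining the result to that directory) beside a canonical-path containment check. The class and method names, directory layout and sample inputs are assumptions for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/**
 * Added example (not UberFire code). Names and layout are assumptions.
 * The same resolver applies to both sides of the advisory: an upload
 * servlet must confine the write target, a download servlet the read source.
 */
public class PathRestrictionExample {

    /** Vulnerable: trusts the client name, so "../" segments escape baseDir. */
    static File resolveUnchecked(File baseDir, String clientPath) {
        return new File(baseDir, clientPath);
    }

    /**
     * Hardened: canonicalise both sides (resolves "..", "." and symlinks),
     * then require the target to sit strictly below baseDir. The trailing
     * separator stops "/srv/uploads2" from passing as a child of "/srv/uploads".
     */
    static File resolveChecked(File baseDir, String clientPath) throws IOException {
        String base = baseDir.getCanonicalPath();
        String target = new File(baseDir, clientPath).getCanonicalPath();
        if (!target.startsWith(base + File.separator)) {
            throw new IOException("path escapes base directory: " + clientPath);
        }
        return new File(target);
    }

    /** Convenience wrapper: true if clientPath stays inside baseDir. */
    static boolean isContained(File baseDir, String clientPath) {
        try {
            resolveChecked(baseDir, clientPath);
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample base directory; nothing outside it is touched.
        Path tmp = Files.createTempDirectory("uploads");
        File baseDir = tmp.toFile();
        Files.createDirectories(tmp.resolve("sub"));

        // Constructed sample inputs: two benign names, two traversal attempts,
        // and an absolute path, which File(parent, child) joins under parent
        // rather than honouring as absolute.
        String[] inputs = {
            "report.pdf",
            "sub/notes.txt",
            "../../etc/passwd",
            "sub/../../escape.jsp",
            "/etc/passwd"
        };
        for (String in : inputs) {
            File unchecked = resolveUnchecked(baseDir, in);
            System.out.printf("%-24s unchecked -> %s%n", in, unchecked.getCanonicalPath());
            System.out.printf("%-24s checked   -> %s%n", "",
                    isContained(baseDir, in) ? "allowed" : "REJECTED");
        }
    }
}
```

Run it and compare the two columns: the unchecked resolver happily produces paths above the base directory for the traversal inputs, while the checked resolver rejects them and accepts only names that canonicalise to a location below the base. Doing the check on canonical paths rather than on the raw string matters, because string filters for "../" miss encoded or symlinked variants; the comparison here is against what the file system will actually open. On the upload side this is the difference between a file write confined to one directory and a write to any location the process can reach, which is why the advisory rates the upload vector as code execution rather than a mere overwrite.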
Remediation
Upgrade to an UberFire release that includes the upstream fix (commit 21ec50eb15, linked under References). Users of Red Hat products that bundle UberFire should apply the errata RHSA-2015-0234 and RHSA-2015-0235 listed below. Where an upgrade cannot be applied immediately, restrict network access to FileUploadServlet and FileDownloadServlet to trusted clients, since both servlets are reachable by remote attackers in affected versions.
References
http://rhn.redhat.com/errata/RHSA-2015-0234.html
http://rhn.redhat.com/errata/RHSA-2015-0235.html
http://www.securityfocus.com/bid/88199
https://github.com/uberfire/uberfire/commit/21ec50eb15
Related Vulnerabilities
CVE-2015-2575 Vulnerability in maven package mysql:mysql-connector-java
CVE-2015-5204 Vulnerability in npm package cordova-plugin-file-transfer
CVE-2020-2121 Vulnerability in maven package org.jenkins-ci.plugins:google-kubernetes-engine
CVE-2019-10369 Vulnerability in maven package org.jenkins-ci.plugins:jclouds-jenkins
CVE-2013-2055 Vulnerability in maven package org.apache.wicket:wicket