Description

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.

Remediation

References

https://github.com/uberfire/uberfire/commit/21ec50eb15

http://rhn.redhat.com/errata/RHSA-2015-0235.html

http://rhn.redhat.com/errata/RHSA-2015-0234.html

http://www.securityfocus.com/bid/88199

Related Vulnerabilities

CVE-2021-36373 Vulnerability in maven package org.apache.ant:ant

CVE-2023-37943 Vulnerability in maven package org.jenkins-ci.plugins:active-directory

CVE-2023-20873 Vulnerability in maven package org.springframework.boot:spring-boot-actuator-autoconfigure

CVE-2022-45146 Vulnerability in maven package org.bouncycastle:bc-fips

CVE-2020-36732 Vulnerability in maven package org.webjars.npm:crypto-js

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory