Description

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-0234.html

http://rhn.redhat.com/errata/RHSA-2015-0235.html

http://www.securityfocus.com/bid/88199

https://github.com/uberfire/uberfire/commit/21ec50eb15

Related Vulnerabilities

CVE-2016-0712 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed-portal

CVE-2022-41228 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration

CVE-2022-34183 Vulnerability in maven package io.jenkins.plugins:agent-server-parameter

CVE-2019-10282 Vulnerability in maven package hudson.plugins.klaros:klaros-testmanagement

CVE-2020-27885 Vulnerability in maven package org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.store.feature

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory