Description
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
Remediation
References
https://github.com/uberfire/uberfire/commit/21ec50eb15
http://rhn.redhat.com/errata/RHSA-2015-0235.html
http://rhn.redhat.com/errata/RHSA-2015-0234.html
http://www.securityfocus.com/bid/88199