WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2018:2276 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:2277 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:2279 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:2423 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:2424 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:2425 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:2428 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:2643 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:0877 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862 | Issue Tracking Vendor Advisory |
https://snyk.io/research/zip-slip-vulnerability | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2018-07-27 14:29
Updated : 2024-02-04 20:03
NVD link : CVE-2018-10862
Mitre link : CVE-2018-10862
CVE.ORG link : CVE-2018-10862
JSON object : View
Products Affected
redhat
- virtualization
- enterprise_linux
- wildfly_core
- jboss_enterprise_application_platform
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')