Description
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2015-0234.html
http://rhn.redhat.com/errata/RHSA-2015-0235.html
http://www.securityfocus.com/bid/88199
https://github.com/uberfire/uberfire/commit/21ec50eb15
Related Vulnerabilities
CVE-2022-41249 Vulnerability in maven package com.meowlomo.jenkins:scm-httpclient
CVE-2016-4432 Vulnerability in maven package org.apache.qpid:qpid-broker-plugins-amqp-0-10-protocol
CVE-2023-33943 Vulnerability in maven package com.liferay:com.liferay.account.admin.web
CVE-2023-25141 Vulnerability in maven package org.apache.sling:org.apache.sling.jcr.base