Description

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-0234.html

http://rhn.redhat.com/errata/RHSA-2015-0235.html

http://www.securityfocus.com/bid/88199

https://github.com/uberfire/uberfire/commit/21ec50eb15

Related Vulnerabilities

CVE-2018-1263 Vulnerability in maven package org.springframework.integration:spring-integration-zip

CVE-2013-3827 Vulnerability in maven package com.sun.faces:jsf-impl

CVE-2020-2298 Vulnerability in maven package org.jenkins-ci.plugins:nerrvana-plugin

CVE-2018-1000175 Vulnerability in maven package org.jenkins-ci.plugins:htmlpublisher

CVE-2020-16022 Vulnerability in npm package electron

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory