Description

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-0234.html

http://rhn.redhat.com/errata/RHSA-2015-0235.html

http://www.securityfocus.com/bid/88199

https://github.com/uberfire/uberfire/commit/21ec50eb15

Related Vulnerabilities

CVE-2022-41249 Vulnerability in maven package com.meowlomo.jenkins:scm-httpclient

CVE-2022-34201 Vulnerability in maven package com.convertigo.jenkins.plugins:convertigo-mobile-platform

CVE-2016-4432 Vulnerability in maven package org.apache.qpid:qpid-broker-plugins-amqp-0-10-protocol

CVE-2023-33943 Vulnerability in maven package com.liferay:com.liferay.account.admin.web

CVE-2023-25141 Vulnerability in maven package org.apache.sling:org.apache.sling.jcr.base

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory