Description

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-0234.html

http://rhn.redhat.com/errata/RHSA-2015-0235.html

http://www.securityfocus.com/bid/88199

https://github.com/uberfire/uberfire/commit/21ec50eb15

Related Vulnerabilities

CVE-2023-30857 Vulnerability in npm package @aedart/support

CVE-2017-4960 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa

CVE-2020-2153 Vulnerability in maven package org.jenkins-ci.plugins:backlog

CVE-2021-33036 Vulnerability in maven package org.apache.hadoop:hadoop-yarn-server-common

CVE-2022-31160 Vulnerability in maven package org.webjars.npm:jquery-ui

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory