Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-0709

CWE-22 ā€” Path Traversal5 documents5 sources
Severity
7.2HIGH
EPSS
70.9%
top 1.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Jetspeed
Timeline
PublishedApr 11
Latest updateMay 17

Description

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

ā–¶NVDapache/jetspeed2.3.0

šŸ”“Vulnerability Details

3
OSV
Path Traversal in Apache Jetspeedā†—2022-05-17
ā–¶
GHSA
Path Traversal in Apache Jetspeedā†—2022-05-17
ā–¶
CVEList
CVE-2016-0709: Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2ā†—2016-04-11
ā–¶

šŸ’„Exploits & PoCs

1
Exploit-DB
Apache Jetspeed - Arbitrary File Upload (Metasploit)ā†—2016-03-31
ā–¶
CVE-2016-0709 (HIGH CVSS 7.2) | Directory traversal vulnerability i | cvebase.io