CVE-2018-10862

CWE-22 — Path Traversal8 documents6 sources

Severity

5.5MEDIUM

EPSS

0.3%

top 46.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Wildfly Core Redhat Jboss Enterprise Application Platform Redhat Virtualization

Timeline

PublishedJul 27

Latest updateMay 14

Description

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶Mavenorg.wildfly.core:wildfly-server< 6.0.0.Alpha3

▶NVDredhat/wildfly_core5.0.0+1

▶NVDredhat/virtualization4.0

▶NVDredhat/jboss_enterprise_application_platform7.1.0

🔴Vulnerability Details

OSV

Improper Limitation of a Pathname to a Restricted Directory in WildFly↗2022-05-14

▶

GHSA

Improper Limitation of a Pathname to a Restricted Directory in WildFly↗2022-05-14

▶

CVEList

CVE-2018-10862: WildFly Core before version 6↗2018-07-27

▶

📋Vendor Advisories

Red Hat

wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)↗2018-06-21

▶

💬Community

Bugzilla

CVE-2018-10862 wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) [fedora-all]↗2018-06-25

▶

Bugzilla

CVE-2018-10862 wildfly-common: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) [epel-7]↗2018-06-25

▶

Bugzilla

CVE-2018-10862 wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)↗2018-06-21

▶