CVE-2018-1306
published 2018-06-27CVE-2018-1306: The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive…
high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | pluto | — | — |
| apache_software_foundation | apache_pluto | — | — |
| linux | linux_kernel | >= 3.8.0 < 6.17.2 | 6.17.2 |