CVE-2018-1316Path Traversal in Apache ODE

CWE-22Path Traversal5 documents5 sources
Severity
7.5HIGHNVD
CNA5.0GHSA5.0OSV5.0
EPSS
2.2%
top 15.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache ODEApache Software Foundation Apache ODE
Timeline
PublishedMar 5
Latest updateMay 14

Description

The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion. This issue was addressed in Apache ODE 1.3.3 which was released in 2009, however the incorrect name CVE-2008-2370 was used on the advisory by mistake.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDapache/ode1.3.2+3
CVEListV5apache_software_foundation/apache_odeprior to 1.3.3

🔴Vulnerability Details

3
GHSA
Apache ODE Path Traversal vulnerability2022-05-14
OSV
Apache ODE Path Traversal vulnerability2022-05-14
CVEList
CVE-2018-1316: The ODE process deployment web service was sensible to deployment messages with forged names2018-03-05
CVE-2018-1316 — Path Traversal in Apache ODE | cvebase