CVE-2018-10862 Information
Description
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the ‘Zip Slip’ vulnerability.
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Reference
https://access.redhat.com/errata/RHSA-2018:2276 https://access.redhat.com/errata/RHSA-2018:2277 https://access.redhat.com/errata/RHSA-2018:2279 https://access.redhat.com/errata/RHSA-2018:2423 https://access.redhat.com/errata/RHSA-2018:2424 https://access.redhat.com/errata/RHSA-2018:2425 https://access.redhat.com/errata/RHSA-2018:2428 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2019:0877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862 https://snyk.io/research/zip-slip-vulnerability
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
NONE
Base Severity
5.5
Share on: