CVE-2017-2617 – Hawtio: Unrestricted file upload leads to RCE

https://notcve.org/view.php?id=CVE-2017-2617

hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed. hawtio en versiones anteriores a la 1.5.5 es vulnerable a la ejecución remota de código mediante la subida de archivos. Un atacante podría usar esta vulnerabilidad para subir un archivo manipulado que podría ejecutarse en una máquina objetivo en la que se está desplegando hawtio. It was found that a flaw in hawtio could cause remote code execution via file upload. An attacker could use this vulnerability to upload crafted file which could be executed on a target machine where hawtio is deployed. • http://www.securityfocus.com/bid/96036 https://access.redhat.com/errata/RHSA-2018:0319 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2617 https://access.redhat.com/security/cve/CVE-2017-2617 https://bugzilla.redhat.com/show_bug.cgi?id=1419363 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •