CVE-2018-10862
wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)
Public Exploits: 0
Exploited in Wild: -
Descriptions
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
It was found that the explode operation of the deployment utility in jboss-cli and the management console, which extracts files from an archive, does not perform the necessary validation against directory traversal. This can lead to remote code execution.
Timeline
- 2018-05-09 CVE Reserved
- 2018-07-26 CVE Published
- 2023-07-21 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (13)
URL | Date | Tag
---|---|---
https://snyk.io/research/zip-slip-vulnerability | | Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2276 | 2019-04-26 |
https://access.redhat.com/errata/RHSA-2018:2277 | 2019-04-26 |
https://access.redhat.com/errata/RHSA-2018:2279 | 2019-04-26 |
https://access.redhat.com/errata/RHSA-2018:2423 | 2019-04-26 |
https://access.redhat.com/errata/RHSA-2018:2424 | 2019-04-26 |
https://access.redhat.com/errata/RHSA-2018:2425 | 2019-04-26 |
https://access.redhat.com/errata/RHSA-2018:2428 | 2019-04-26 |
https://access.redhat.com/errata/RHSA-2018:2643 | 2019-04-26 |
https://access.redhat.com/errata/RHSA-2019:0877 | 2019-04-26 |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862 | 2019-04-26 |
https://access.redhat.com/security/cve/CVE-2018-10862 | 2020-06-15 |
https://bugzilla.redhat.com/show_bug.cgi?id=1593527 | 2020-06-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | Running on (Vendor / Product / Version) | Platform Status
---|---|---|---|---|---|---
Redhat | Jboss Enterprise Application Platform | 7.1.0 | - | Affected | Redhat / Enterprise Linux / 6.0 | Safe
Redhat | Jboss Enterprise Application Platform | 7.1.0 | - | Affected | Redhat / Enterprise Linux / 7.0 | Safe
Redhat | Virtualization | 4.0 | - | Affected | |
Redhat | Wildfly Core | <= 5.0.0 | - | Affected | |
Redhat | Wildfly Core | 6.0.0 | alpha1 | Affected | |
Redhat | Wildfly Core | 6.0.0 | alpha2 | Affected | |