jQuery File Upload Plugin Leaves Web Servers Vulnerable to Unauthenticated File Upload Attacks
Akamai disclosed that the popular jQuery File Upload plugin has been vulnerable to an unauthenticated file upload flaw since November 2010.
Background
Akamai’s Security Intelligence Response Team (SIRT) recently disclosed that the popular jQuery File Upload plugin -- the second most-starred plugin on Github in the jQuery project -- has been vulnerable to an unauthenticated file upload flaw (CVE-2018-9206) on Apache web servers since November 2010.
Impact assessment
Larry Cashdollar, a security researcher for Akamai's SIRT, said in an interview with ZDNet that he’s seen active exploitation of this vulnerability dating back to 2016, but he gave no details or impression of scope. According to the jQuery File Upload Github repository, there are over 7,800 forks of this plugin, which are likely vulnerable as well.
Vulnerability details
The jQuery File Upload plugin relies on an .htaccess file with custom security settings to restrict access to its upload folder, but beginning with Apache version 2.3.9, administrators can ignore these custom security settings. This change allows attackers to bypass file upload security on Apache web servers that use the jQuery File Upload plugin.
Urgently required actions
Sebastian Tschan, the creator of jQuery File Upload, has since patched the plugin on Github. However, developers who use the plugin or any of its forks on Github will need to update their web applications with the new version of the plugin.
Identifying affected systems
Tenable’s Container Security has checks for the most common variations of php to help identify potentially vulnerable systems. A list of Tenable plugins to identify this vulnerability will appear here as they’re released.
Get more information:
Learn more about Tenable.io, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.
Related Articles
CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
August 14, 2024Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available
CVE-2024-20419: Cisco Smart Software Manager On-Prem Password Change Vulnerability
August 9, 2024Critical vulnerability in Cisco Smart Software Manager On-Prem exposes systems to unauthorized password changes, exploit code now available.BackgroundOn July 17, 2024, Cisco published an advisory for ...
Detecting Risky Third-party Drivers on Windows Assets
August 7, 2024Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable's new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers.
CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
August 14, 2024Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available
Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs
August 13, 2024Microsoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild.
Compromising Microsoft's AI Healthcare Chatbot Service
August 13, 2024Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.
- Vulnerability Management