CVE-2018-10862

medium

Description

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

References

https://snyk.io/research/zip-slip-vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862

https://access.redhat.com/errata/RHSA-2019:0877

https://access.redhat.com/errata/RHSA-2018:2643

https://access.redhat.com/errata/RHSA-2018:2428

https://access.redhat.com/errata/RHSA-2018:2425

https://access.redhat.com/errata/RHSA-2018:2424

https://access.redhat.com/errata/RHSA-2018:2423

https://access.redhat.com/errata/RHSA-2018:2279

https://access.redhat.com/errata/RHSA-2018:2277

https://access.redhat.com/errata/RHSA-2018:2276

Details

Source: Mitre, NVD

Published: 2018-07-27

Updated: 2019-04-26

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N