Vulnerability Name:

CVE-2018-10862 (CCN-147931)

Assigned:2018-07-27
Published:2018-07-27
Updated:2019-04-26
Summary:WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-22
Vulnerability Consequences:File Manipulation
References:Source: MITRE
Type: CNA
CVE-2018-10862

Source: CCN
Type: WildFly Web site
WildFly Homepage

Source: REDHAT
Type: Vendor Advisory
RHSA-2018:2276

Source: REDHAT
Type: Vendor Advisory
RHSA-2018:2277

Source: REDHAT
Type: Vendor Advisory
RHSA-2018:2279

Source: REDHAT
Type: Vendor Advisory
RHSA-2018:2423

Source: REDHAT
Type: Vendor Advisory
RHSA-2018:2424

Source: REDHAT
Type: Vendor Advisory
RHSA-2018:2425

Source: REDHAT
Type: Vendor Advisory
RHSA-2018:2428

Source: REDHAT
Type: Vendor Advisory
RHSA-2018:2643

Source: REDHAT
Type: Vendor Advisory
RHSA-2019:0877

Source: CCN
Type: Red Hat Bugzilla – Bug 1593527
(CVE-2018-10862) CVE-2018-10862 wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)

Source: CONFIRM
Type: Issue Tracking, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862

Source: XF
Type: UNKNOWN
wildfly-core-cve201810862-dir-trav(147931)

Source: MISC
Type: Third Party Advisory
https://snyk.io/research/zip-slip-vulnerability

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-10862

Vulnerable Configuration:Configuration 1:
  • cpe:/a:redhat:virtualization:4.0:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:redhat:wildfly_core:*:*:*:*:*:*:*:* (Version <= 5.0.0)
  • OR cpe:/a:redhat:wildfly_core:6.0.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:redhat:wildfly_core:6.0.0:alpha2:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    redhat virtualization 4.0
    redhat jboss enterprise application platform 7.1.0
    redhat enterprise linux 6.0
    redhat jboss enterprise application platform 7.1.0
    redhat enterprise linux 7.0
    redhat wildfly core *
    redhat wildfly core 6.0.0 alpha1
    redhat wildfly core 6.0.0 alpha2