CVE-2018-10862

Published: Jul 27, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://snyk.io/research/zip-slip-vulnerability

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862

x_refsource_CONFIRM

RHSA-2018:2428

vendor-advisory

x_refsource_REDHAT

RHSA-2018:2643

vendor-advisory

x_refsource_REDHAT

RHSA-2018:2279

vendor-advisory

x_refsource_REDHAT

RHSA-2018:2424

vendor-advisory

x_refsource_REDHAT

RHSA-2018:2276

vendor-advisory

x_refsource_REDHAT

RHSA-2018:2423

vendor-advisory

x_refsource_REDHAT

RHSA-2018:2425

vendor-advisory

x_refsource_REDHAT

RHSA-2018:2277

vendor-advisory

x_refsource_REDHAT

RHSA-2019:0877

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-10862

Description

Affected Products

References