Back to search
CVE-2018-1316
Published: Mar 5, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion. This issue was addressed in Apache ODE 1.3.3 which was released in 2009, however the incorrect name CVE-2008-2370 was used on the advisory by mistake.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache ODE | affected prior to 1.3.3 |
References
[user] 20180304 CVE-2018-1316 used to cover issue incorrectly used CVE-2008-2370 for ODE 1.3.3
mailing-list
x_refsource_MLIST
[www-announce] 20090808 Apache ODE 1.3.3
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now