Home > Vulnerability Database > CVE-2018-10862

WhiteSource Vulnerability Database

CVE-2018-10862

Good to know:

Date: July 27, 2018

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

Language: Java

Severity Score

5.5

Related Resources (5)

Url: https://access.redhat.com/errata/RHSA-2018:2428

Url: https://access.redhat.com/errata/RHSA-2018:2425

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-10862

Url: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2018-10862

Severity Score

5.5

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version org.wildfly.core:wildfly-deployment-repository:6.0.0.Alpha3

Learn More

CVSS v3

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.9
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

WhiteSource Vulnerability Database

We found results for “”

CVE-2018-10862

Good to know:

Date: July 27, 2018

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?