← Volver a CVEs

CVE-2018-1263

MEDIUM

4.7

Descripcion

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

Detalles CVE

Puntuacion CVSS v3.14.7

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Vector de ataqueLOCAL

ComplejidadHIGH

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado5/15/2018

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

vmware:spring_integration_zip

Debilidades (CWE)

CWE-22

Referencias

http://www.securityfocus.com/bid/104179(security_alert@emc.com)

https://pivotal.io/security/cve-2018-1263(security_alert@emc.com)

http://www.securityfocus.com/bid/104179(af854a3a-2127-422b-91ae-364da2661108)

https://pivotal.io/security/cve-2018-1263(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.