Home > Vulnerability Database > CVE-2018-10862

Mend.io Vulnerability Database

CVE-2018-10862

Good to know:

Date: July 27, 2018

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

Language: Java

Severity Score

5.5

Related Resources (12)

Url: https://access.redhat.com/errata/RHSA-2018:2428

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862

Url: https://access.redhat.com/errata/RHSA-2018:2425

Url: https://access.redhat.com/errata/RHSA-2018:2643

Url: https://access.redhat.com/errata/RHSA-2018:2423

Url: https://access.redhat.com/errata/RHSA-2019:0877

Url: https://access.redhat.com/errata/RHSA-2018:2424

Url: https://access.redhat.com/errata/RHSA-2018:2279

Url: https://access.redhat.com/errata/RHSA-2018:2276

Url: https://access.redhat.com/errata/RHSA-2018:2277

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-10862

Url: https://www.mend.io/vulnerability-database/CVE-2018-10862

Severity Score

5.5

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version org.wildfly.core:wildfly-deployment-repository:6.0.0.Alpha3

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.9
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-10862

Good to know:

Date: July 27, 2018

Language: Java

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?