Vulnerabilities

CVE-2016-0709

by Fred · 11/04/2016

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."

Date published : 2016-04-11

https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709

https://www.exploit-db.com/exploits/39643/

Similar

Tags: Cybersecurity Alert