The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2015-02-20T16:00:00

Updated: 2024-08-06T13:10:50.634Z

Reserved: 2014-10-10T00:00:00

Link: CVE-2014-8114

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-02-20T16:59:02.430

Modified: 2024-11-21T02:18:35.133

Link: CVE-2014-8114

cve-icon Redhat

Severity : Important

Publid Date: 2015-02-17T00:00:00Z

Links: CVE-2014-8114 - Bugzilla