The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2015-02-20T16:00:00
Updated: 2024-08-06T13:10:50.634Z
Reserved: 2014-10-10T00:00:00
Link: CVE-2014-8114
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-02-20T16:59:02.430
Modified: 2024-11-21T02:18:35.133
Link: CVE-2014-8114
Redhat