CVE-2018-10862

Description

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

References

Link	Tags
https://snyk.io/research/zip-slip-vulnerability	third party advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862	issue tracking vendor advisory
https://access.redhat.com/errata/RHSA-2018:2428	vendor advisory
https://access.redhat.com/errata/RHSA-2018:2643	vendor advisory
https://access.redhat.com/errata/RHSA-2018:2279	vendor advisory
https://access.redhat.com/errata/RHSA-2018:2424	vendor advisory
https://access.redhat.com/errata/RHSA-2018:2276	vendor advisory
https://access.redhat.com/errata/RHSA-2018:2423	vendor advisory
https://access.redhat.com/errata/RHSA-2018:2425	vendor advisory
https://access.redhat.com/errata/RHSA-2018:2277	vendor advisory
https://access.redhat.com/errata/RHSA-2019:0877	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2018-10862?: CVE-2018-10862 has been scored as a medium severity vulnerability.
How to fix CVE-2018-10862?: To fix CVE-2018-10862, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2018-10862 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2018-10862 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions