Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-0709

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."

Published

2016-04-11T14:59:01.677

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	jetspeed	≤ 2.3.0	Yes

References

http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and Exploit ([email protected])
http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html Exploit ([email protected])
http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload ([email protected])
https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C281D02D0-6A03-4421-9D86-E73B001C8677%40bluesunrise.com%3E ([email protected])
https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709 Vendor Advisory ([email protected])
https://www.exploit-db.com/exploits/39643/ Exploit ([email protected])
http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload (af854a3a-2127-422b-91ae-364da2661108)
https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C281D02D0-6A03-4421-9D86-E73B001C8677%40bluesunrise.com%3E (af854a3a-2127-422b-91ae-364da2661108)
https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/39643/ Exploit (af854a3a-2127-422b-91ae-364da2661108)