Vulnerability Description
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jfrog | Artifactory | < 4.16 |
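As an added defender-side example (not from this record or from JFrog), the script below checks reported Artifactory versions against the "< 4.16" range above and triages access-log requests to the ui/artifact/upload endpoint, flagging uploads whose file name carries one of the extensions the description names (.war, .html). The log lines and inventory are constructed, and the assumption that the file name is visible as a `name` query parameter is stated in the code.

```python
import re
from urllib.parse import urlsplit, parse_qs

UPLOAD_PATH = "ui/artifact/upload"           # endpoint named in the advisory
RISKY_EXTENSIONS = (".war", ".html", ".htm")  # file types the advisory calls out
FIXED_VERSION = (4, 16)                       # first release outside "< 4.16"

# Constructed sample access-log lines (combined log format); not real traffic.
# Assumption: the file name is visible as a "name" query parameter. Real deployments
# may carry it only in the multipart body, in which case just the endpoint hit is flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Apr/2018:10:01:02 +0000] "POST /artifactory/ui/artifact/upload?name=app.war HTTP/1.1" 200 88 "-" "curl/7.58"
10.0.0.9 - - [12/Apr/2018:10:02:10 +0000] "GET /artifactory/api/system/version HTTP/1.1" 200 120 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Apr/2018:10:03:44 +0000] "POST /artifactory/ui/artifact/upload?name=index.html HTTP/1.1" 200 77 "-" "python-requests/2.18"
10.0.0.7 - - [12/Apr/2018:10:04:00 +0000] "POST /artifactory/ui/artifact/upload?name=lib.jar HTTP/1.1" 200 77 "-" "python-requests/2.18"
"""

REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def parse_version(text):
    """'4.15.2' -> (4, 15, 2); '4.16' -> (4, 16). Non-numeric parts are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])

def is_affected(version):
    """True when an Artifactory version falls inside the advisory's '< 4.16' range."""
    return parse_version(version) < FIXED_VERSION

def triage_upload_requests(log_text):
    """Return (line_no, client, method, reason) for every request to the upload
    endpoint; uploads with a risky visible extension get a more specific reason."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if UPLOAD_PATH not in parts.path:
            continue
        client = line.split(" ", 1)[0]
        name = parse_qs(parts.query).get("name", [""])[0].lower()
        if name.endswith(RISKY_EXTENSIONS):
            reason = f"upload of {name!r} to {UPLOAD_PATH}"
        else:
            reason = f"request to {UPLOAD_PATH}"
        findings.append((lineno, client, m.group("method"), reason))
    return findings

if __name__ == "__main__":
    print(is_affected("4.15.2"), triage_upload_requests(SAMPLE_LOG))
```

Feed real access logs and your own instance inventory in place of the constructed samples; anything flagged is a review item, not proof of exploitation.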
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/147378/Jfrog-Artifactory-Code-Execution-She (Exploit, Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/44543/ (Exploit, Third Party Advisory, VDB Entry)
- https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifact (Release Notes, Vendor Advisory)
FAQ
What is CVE-2016-10036?
CVE-2016-10036 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploa...
How severe is CVE-2016-10036?
CVE-2016-10036 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-10036?
Check the references section above for vendor advisories and patch information. Affected products include: Jfrog Artifactory.