CVE-2018-10862 — MEDIUM (5.5)

Q: How severe is CVE-2018-10862?

CVE-2018-10862 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-10862?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Virtualization, Redhat Jboss Enterprise Application Platform, Redhat Enterprise Linux, Redhat Wildfly Core.

Vulnerability Description

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Virtualization	4.0
Redhat	Jboss Enterprise Application Platform	7.1.0
Redhat	Enterprise Linux	6.0
Redhat	Wildfly Core	<= 5.0.0

Related Weaknesses (CWE)

CWE-22

References

https://access.redhat.com/errata/RHSA-2018:2276Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2277Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2279Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2423Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2424Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2425Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2428Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2643Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:0877Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862Issue TrackingVendor Advisory
https://snyk.io/research/zip-slip-vulnerabilityThird Party Advisory
https://access.redhat.com/errata/RHSA-2018:2276Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2277Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2279Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2423Vendor Advisory

FAQ

What is CVE-2018-10862?

CVE-2018-10862 is a vulnerability with a CVSS score of 5.5 (MEDIUM). WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance ...

How severe is CVE-2018-10862?

CVE-2018-10862 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-10862?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Virtualization, Redhat Jboss Enterprise Application Platform, Redhat Enterprise Linux, Redhat Wildfly Core.