Kwetsbaarheid CVE-2018-1797

IBM WebSphere Application Server 7.0, 8.0, 8.5, And 9.0 Using Enterprise Bundle Archives (EBA) Could Allow A Local Attacker To Traverse Directories On The System. By Persuading A Victim To Extract A Specially-crafted ZIP Archive Containing "dot Dot Slash" Sequences (../), An Attacker Could Exploit This Vulnerability To Write To Arbitrary Files On The System. Note: This Vulnerability Is Known As "Zip-Slip". IBM X-Force ID: 149427.

Algemeen

CVE
CVE-2018-1797
Leverancier(s) betrokken
Omschrijving
IBM WebSphere Application Server 7.0, 8.0, 8.5, And 9.0 Using Enterprise Bundle Archives (EBA) Could Allow A Local Attacker To Traverse Directories On The System. By Persuading A Victim To Extract A Specially-crafted ZIP Archive Containing "dot Dot Slash" Sequences (../), An Attacker Could Exploit This Vulnerability To Write To Arbitrary Files On The System. Note: This Vulnerability Is Known As "Zip-Slip". IBM X-Force ID: 149427.
Publicatie
Vrijdag, 16 November 2018
Gewijzigd
Donderdag, 22 November 2018 15:00
Ernst

Referenties

Modificatie geschiedenis

Geef hieronder je email adres op en word op de hoogte gehouden van aanpassingen aan deze CVE