NVD:CVE-2023-4760
Sep 21, 2023 - 8:15 a.m.

CVE-2023-4760

2023-09-21 08:15:09
CWE-23
CWE-22
web.nvd.nist.gov
eclipse rap
remote code execution
fileupload
windows
cve-2023-4760
security flaw

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9 High (Confidence: High)

EPSS: 0.003 Low (Percentile: 66.3%)

In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.

The cause is an incompletely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as the method finds a / in the path, it removes everything before it, but any \ (backslashes) that come later in the name are kept.

For example, a file name such as /…..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as …..\webapps\shell.war in its webapps directory and can then be executed.
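
The flaw next to a stricter alternative, as an added Java example that is not Eclipse RAP's own code: stripSlashOnly models the behaviour described above, while stripBothSeparators and resolveInside are hypothetical hardened helpers. The sample file name and the uploads directory are constructed.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class UploadNameDemo {
    // Model of the behaviour the advisory describes (not RAP's source):
    // everything up to the last '/' is dropped, backslashes are kept.
    static String stripSlashOnly(String name) {
        int slash = name.lastIndexOf('/');
        return slash >= 0 ? name.substring(slash + 1) : name;
    }

    // Hypothetical hardened variant: '/' and '\' both count as separators
    // on every server OS; empty and dot-only names are refused.
    static String stripBothSeparators(String name) {
        int cut = Math.max(name.lastIndexOf('/'), name.lastIndexOf('\\'));
        String base = name.substring(cut + 1).trim();
        if (base.isEmpty() || base.equals(".") || base.equals("..")) {
            throw new IllegalArgumentException("unusable upload file name");
        }
        return base;
    }

    // Defence in depth: the normalized target must stay under the upload
    // directory. On Windows '\' is parsed as a separator, so the slash-only
    // result is rejected here; elsewhere it is just an odd literal name.
    static Path resolveInside(Path uploadDir, String fileName) {
        Path root = uploadDir.toAbsolutePath().normalize();
        Path target = root.resolve(fileName).normalize();
        if (!target.startsWith(root)) {
            throw new IllegalArgumentException("path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        String submitted = "/..\\..\\outside\\note.txt"; // constructed sample
        Path uploadDir = Paths.get("uploads");            // hypothetical directory
        String weak = stripSlashOnly(submitted);
        String safe = stripBothSeparators(submitted);
        System.out.println("slash-only strip: " + weak);
        System.out.println("both separators:  " + safe);
        System.out.println("safe target:      " + resolveInside(uploadDir, safe));
        try {
            System.out.println("weak target:      " + resolveInside(uploadDir, weak));
        } catch (IllegalArgumentException e) {
            System.out.println("weak name rejected: " + e.getMessage());
        }
    }
}
```

The containment check depends on how the server's file system parses the name, which is why stripping both separator styles up front is the portable part of the fix.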

Affected configurations

NVD
Node: eclipse remote_application_platform, Range: 3.0.0 - 3.25.0
