SB2018070207 - Security restrictions bypass in Apache Storm

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018070207

SB2018070207 - Security restrictions bypass in Apache Storm

Published: July 2, 2018

Security Bulletin ID SB2018070207
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Path traversal (CVE-ID: CVE-2018-8008)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to path traversal when handling malicious input. A remote attacker can use a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames, conduct directory traversal attack and write arbitrary files in the system.


Remediation

Install update from vendor's website.

References