Path traversal in IBM WebSphere Application Server

Published: 2018-11-16 15:20:42
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-1797
Exploitation vector Local
Public exploit N/A
Vulnerable software IBM WebSphere Application Server
Vulnerable software versions IBM WebSphere Application Server
IBM WebSphere Application Server
IBM WebSphere Application Server

Show more

Vendor URL IBM Corporation

Security Advisory

1) Path traversal


The vulnerability allows a remote attacker to conduct directory traversal attack.

The vulnerability exists due to improper validation of user-supplied input on systems that have an Enterprise Bundle Archive (EBA) installed and with a path external to the EBA. A remote attacker can trick the victim into extracting a specially crafted ZIP archive containing 'dot dot slash' sequences that, when executed, will write arbitrary files on the target system.

Note: This vulnerability is known as "Zip-Slip".


Install update from vendor's website.

External links

Back to List