|Number of vulnerabilities||1|
App Connect Enterprise Certified Container
Server applications / Other server solutions
This security bulletin contains one medium risk vulnerability.
CWE-36 - Absolute Path Traversal
Exploit availability: NoDescription
The vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to a logic issue when extracting tar files that contained both a directory
and a symlink with the same name as the directory. This order of
operations resulted in the directory being created and added to the
directory cache. When a directory is present in the directory cache,
subsequent calls to mkdir for that directory are skipped. However, this
is also where
node-tar checks for symlinks occur.
By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass
symlink checks on directories, essentially allowing an untrusted tar
file to symlink into an arbitrary location and subsequently extracting
arbitrary files into that location, thus allowing arbitrary file
creation and overwrite.
Install update from vendor's website.Vulnerable software versions
App Connect Enterprise Certified Container: 1.0 - 2.0
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?