Path traversal in Karaf - CVE-2019-0226

Published: May 11, 2019


Vulnerability identifier: #VU18431
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-0226
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apache Foundation
Affected software: Karaf

Detailed vulnerability description

The vulnerability allows a remote attacker to overwrite arbitrary files on the system.

The vulnerability exists due to insufficient validation of directory traversal sequences in file names processed by the Apache Karaf Config service, which exposes an install method via a service or MBean. A remote authenticated attacker can supply directory traversal characters in the file name to overwrite arbitrary files on the system.
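The defensive pattern that addresses this class of CWE-22 weakness is a containment check: the caller-supplied file name is resolved against the intended directory, normalised, and rejected if the result lies outside that directory. The following is an added illustration written for this advisory; it is not Karaf's own code or the vendor's fix. The class and method names, the etc/ layout and the sample file names are assumptions chosen for the example.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

/**
 * Added example (not Karaf's code): a path-containment check of the kind
 * that protects an "install a configuration file by name" operation from
 * directory traversal (CWE-22). Names and layout are assumptions.
 */
public class SafeConfigInstall {

    /**
     * Resolve fileName under baseDir and refuse any result that escapes the
     * base directory. normalize() collapses "." and ".." segments before the
     * check, so "../../x.cfg" and "sub/../../x.cfg" are both rejected; an
     * absolute fileName replaces the base on resolve() and is rejected too.
     * Path.startsWith compares whole path components, so a sibling directory
     * whose name merely begins with the base name does not pass.
     */
    public static Path resolveWithin(Path baseDir, String fileName) {
        Path base = baseDir.toAbsolutePath().normalize();
        Path candidate = base.resolve(fileName).normalize();
        if (!candidate.startsWith(base) || candidate.equals(base)) {
            throw new IllegalArgumentException("path escapes base directory: " + fileName);
        }
        return candidate;
    }

    /** Write the content only after the destination has passed the containment check. */
    public static Path install(Path etcDir, String fileName, String content) throws IOException {
        Path target = resolveWithin(etcDir, fileName);
        Files.createDirectories(target.getParent());
        Files.write(target, content.getBytes(StandardCharsets.UTF_8));
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox directory standing in for a Karaf etc/ folder.
        Path etc = Files.createTempDirectory("karaf-etc-demo");
        System.out.println("installed: " + install(etc, "org.example.demo.cfg", "key=value\n"));

        // Constructed traversal attempts; each must be refused before anything is written.
        String[] rejected = { "../../tmp/evil.cfg", "sub/../../evil.cfg", "/tmp/evil.cfg", "." };
        for (String bad : rejected) {
            try {
                install(etc, bad, "x=y\n");
                System.out.println("UNEXPECTED: accepted " + bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The check is performed on the normalised lexical path; where the base directory may contain symbolic links pointing outside it, resolve both sides with `toRealPath()` before comparing so that a link cannot be used to sidestep the containment test.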


How to mitigate CVE-2019-0226

Install updates from the vendor's website.

Sources