#VU18431 Path traversal in Karaf - CVE-2019-0226

 


Published: May 11, 2019


Vulnerability identifier: #VU18431
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-0226
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Karaf
Software vendor: Apache Foundation

Description

The vulnerability allows a remote attacker to overwrite arbitrary files on the system.

The vulnerability exists due to an input validation error when processing directory traversal sequences in the Apache Karaf Config service, which provides an install method via service or MBean. A remote authenticated attacker can use directory traversal characters to overwrite arbitrary files on the system.
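
The containment check that this class of flaw (CWE-22) calls for, as an added example that is not Karaf's code or the vendor's patch: an install-style method resolves the caller-supplied file name under a configuration directory and refuses any name that leaves it. The class, method and parameter names and the temporary directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;

// Added illustration; class, method and directory names are hypothetical, not Karaf's.
public class ConfigInstallExample {

    // Resolve a caller-supplied name under baseDir and refuse anything that escapes it.
    static Path resolveInside(Path baseDir, String fileName) throws IOException {
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(fileName).normalize();
        // Path.startsWith compares whole path elements, so "/opt/etc-old" does not pass for "/opt/etc".
        if (!target.startsWith(base) || target.equals(base)) {
            throw new SecurityException("file name escapes config directory: " + fileName);
        }
        // If the parent already exists, follow symlinks and check where it really points.
        Path parent = target.getParent();
        if (Files.exists(parent) && !parent.toRealPath().startsWith(base.toRealPath())) {
            throw new SecurityException("symlink leads outside config directory: " + fileName);
        }
        return target;
    }

    static void install(Path baseDir, String fileName, InputStream content, boolean override) throws IOException {
        Path target = resolveInside(baseDir, fileName); // validate before any write
        Files.createDirectories(target.getParent());
        if (override) {
            Files.copy(content, target, StandardCopyOption.REPLACE_EXISTING);
        } else {
            Files.copy(content, target); // throws FileAlreadyExistsException if the file is present
        }
    }

    public static void main(String[] args) throws IOException {
        Path etc = Files.createTempDirectory("etc-demo"); // constructed stand-in for a config directory
        String[] names = {"my.pid.cfg", "sub/other.cfg", "../outside.cfg", "sub/../../outside.cfg", "/tmp/abs.cfg"};
        for (String name : names) {
            try {
                System.out.println("accepted: " + name + " -> " + resolveInside(etc, name));
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The first two constructed names are accepted; the three that traverse upward or are absolute are rejected before any file is opened for writing.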


Remediation

Install updates from the vendor's website.
