Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for remote_application_platform by eclipse
CVE-2023-4760 (GCVE-0-2023-4760)
Vulnerability from cvelistv5 – Published: 2023-09-21 07:35 – Updated: 2024-09-24 16:26
VLAI
Title
Remote Code Execution in Eclipse RAP on Windows
Summary
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.
The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \ (backslashes) coming further back are kept.
For example, a file name such as /..\..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\..\webapps\shell.war in its webapps directory and can then be executed.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Eclipse RAP |
Affected:
3.0.0 , ≤ 3.25.0
(semver)
|
Date Public
2023-09-21 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:37:59.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-rap/org.eclipse.rap/pull/141"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T16:25:22.581958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T16:26:06.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Eclipse RAP",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "3.25.0",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-21T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIn Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.\u003cbr\u003e\n\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe reason for this is a not completely secure extraction of the file name in the \u003ccode\u003eFileUploadProcessor.stripFileName(String name)\u003c/code\u003e method. As soon as this finds a \u003ccode\u003e/\u003c/code\u003e in the path, everything before it is removed, but potentially \u003ccode\u003e\\\u003c/code\u003e (backslashes) coming further back are kept.\u003cbr\u003e\nFor example, a file name such as \u003ccode\u003e/..\\..\\webapps\\shell.war\u003c/code\u003e can be used to upload a file to a Tomcat server under Windows, which is then saved as \u003ccode\u003e..\\..\\webapps\\shell.war\u003c/code\u003e in its \u003ccode\u003ewebapps\u003c/code\u003e directory and can then be executed.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.\n\n\n\n\n\n\nThe reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \\ (backslashes) coming further back are kept.\n\nFor example, a file name such as /..\\..\\webapps\\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\\..\\webapps\\shell.war in its webapps directory and can then be executed.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-154",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-154 Resource Location Spoofing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T07:35:35.790Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160"
},
{
"url": "https://github.com/eclipse-rap/org.eclipse.rap/pull/141"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution in Eclipse RAP on Windows",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2023-4760",
"datePublished": "2023-09-21T07:35:35.790Z",
"dateReserved": "2023-09-04T16:06:47.588Z",
"dateUpdated": "2024-09-24T16:26:06.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4760 (GCVE-0-2023-4760)
Vulnerability from nvd – Published: 2023-09-21 07:35 – Updated: 2024-09-24 16:26
VLAI
Title
Remote Code Execution in Eclipse RAP on Windows
Summary
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.
The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \ (backslashes) coming further back are kept.
For example, a file name such as /..\..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\..\webapps\shell.war in its webapps directory and can then be executed.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Eclipse RAP |
Affected:
3.0.0 , ≤ 3.25.0
(semver)
|
Date Public
2023-09-21 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:37:59.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-rap/org.eclipse.rap/pull/141"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T16:25:22.581958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T16:26:06.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Eclipse RAP",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "3.25.0",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-21T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIn Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.\u003cbr\u003e\n\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe reason for this is a not completely secure extraction of the file name in the \u003ccode\u003eFileUploadProcessor.stripFileName(String name)\u003c/code\u003e method. As soon as this finds a \u003ccode\u003e/\u003c/code\u003e in the path, everything before it is removed, but potentially \u003ccode\u003e\\\u003c/code\u003e (backslashes) coming further back are kept.\u003cbr\u003e\nFor example, a file name such as \u003ccode\u003e/..\\..\\webapps\\shell.war\u003c/code\u003e can be used to upload a file to a Tomcat server under Windows, which is then saved as \u003ccode\u003e..\\..\\webapps\\shell.war\u003c/code\u003e in its \u003ccode\u003ewebapps\u003c/code\u003e directory and can then be executed.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.\n\n\n\n\n\n\nThe reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \\ (backslashes) coming further back are kept.\n\nFor example, a file name such as /..\\..\\webapps\\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\\..\\webapps\\shell.war in its webapps directory and can then be executed.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-154",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-154 Resource Location Spoofing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T07:35:35.790Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160"
},
{
"url": "https://github.com/eclipse-rap/org.eclipse.rap/pull/141"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution in Eclipse RAP on Windows",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2023-4760",
"datePublished": "2023-09-21T07:35:35.790Z",
"dateReserved": "2023-09-04T16:06:47.588Z",
"dateUpdated": "2024-09-24T16:26:06.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}