Path Traversal Affecting Multiple CData Products | allinfosecnews.com

April 5, 2024, 1:49 p.m. | Evan Grant

Tenable Research Advisories www.tenable.com

Path Traversal Affecting Multiple CData Products

A researcher at Tenable discovered a path traversal vulnerability affecting the Java versions of multiple CData products when deployed using the embedded Jetty server, with varying impacts per product. The issue exists because of a combination of how the embedded Jetty server and CData servlets handle requests.

Technical Details

The path traversal can be leveraged as a result of the following conditions:

The servlet mappings and security constraints laid out in each application's web.xml …

application attachment cookie date encoding evan filename grant http json length options path path traversal products server transfer x-frame-options

More from www.tenable.com / Tenable Research Advisories

Fluent Bit Memory Corruption Vulnerability 2 weeks, 1 day ago | www.tenable.com

corruption memory memory corruption vulnerability

Cross-Site Scripting in WordPress RSS Aggregator Plugin 2 weeks, 4 days ago | www.tenable.com

cross-site plugin rss scripting +1

Solidus Stored Cross-Site Scripting 2 weeks, 5 days ago | www.tenable.com

cross-site inject javascript malicious +8

CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities 3 weeks, 2 days ago | www.tenable.com

access account action admin +42

Delta Electronics DIAEnergie CEBC.exe Multiple Vulnerabilities 3 weeks, 5 days ago | www.tenable.com

cve cve-2024 cvss delta +11

Approach.App Multiple Vulnerabilities 1 month, 1 week ago | www.tenable.com

app application exploitation management +9

Karros Technologies Authentication Bypass 1 month, 1 week ago | www.tenable.com

authentication authentication bypass bypass technologies

Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 1 month, 2 weeks ago | www.tenable.com

avalanche big buffer buffer overflow +12

Path Traversal Affecting Multiple CData Products 1 month, 3 weeks ago | www.tenable.com

application attachment cookie date +14

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com