CVE-2023-4760 (remote_application_platform)
Sept. 21, 2023, 8:15 a.m. | National Vulnerability Database (web.nvd.nist.gov)
The reason for this is a file-name extraction in the FileUploadProcessor.stripFileName(String name) method that is not completely secure. As soon as the method finds a / in the path, everything before it is removed, but any \ (backslashes) that follow later in the name are kept.
For example, a file name such as /..\..\webapps\shell.war can be used to upload a …
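The following added example (not Eclipse RAP's code and not part of the advisory) contrasts a reconstruction of the stripping behaviour described above with a variant that treats both separators alike and then confirms the target stays inside the upload directory. The class and method names and the `uploads` directory are hypothetical, and the use of the last `/` as the cut point is an assumption.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class StripFileNameDemo {

    // Assumed reconstruction of the behaviour the advisory describes:
    // only '/' counts as a separator, so backslashes after it survive.
    static String stripForwardSlashOnly(String name) {
        int idx = name.lastIndexOf('/');
        return idx >= 0 ? name.substring(idx + 1) : name;
    }

    // Hardened variant: cut after the last '/' or '\', whichever comes later,
    // then refuse names that are empty or pure dot segments.
    static String stripBothSeparators(String name) {
        int idx = Math.max(name.lastIndexOf('/'), name.lastIndexOf('\\'));
        String base = name.substring(idx + 1);
        if (base.isEmpty() || base.equals(".") || base.equals("..")) {
            throw new IllegalArgumentException("invalid file name");
        }
        return base;
    }

    // Defence in depth: the normalized target must remain under the upload
    // directory. On Windows, Path treats '\' as a separator, so a name that
    // kept its backslashes is caught here as well.
    static Path resolveInside(Path uploadDir, String fileName) {
        Path root = uploadDir.toAbsolutePath().normalize();
        Path target = root.resolve(fileName).normalize();
        if (!target.startsWith(root)) {
            throw new IllegalArgumentException("path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        // File name quoted in the advisory text.
        String submitted = "/..\\..\\webapps\\shell.war";

        // The forward-slash-only strip leaves the backslash segments in place.
        System.out.println("slash-only strip: " + stripForwardSlashOnly(submitted));

        // The hardened strip reduces the name to its final component.
        String safe = stripBothSeparators(submitted);
        System.out.println("both separators:  " + safe);
        System.out.println("resolved target:  " + resolveInside(Paths.get("uploads"), safe));
    }
}
```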