all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Path Traversal Affecting Multiple CData Products

Add to bookmarks
April 5, 2024, 1:49 p.m. | Evan Grant

Tenable Research Advisories www.tenable.com

Path Traversal Affecting Multiple CData Products

A researcher at Tenable discovered a path traversal vulnerability affecting the Java versions of multiple CData products when deployed using the embedded Jetty server, with varying impacts per product. The issue exists because of a combination of how the embedded Jetty server and CData servlets handle requests.

Technical Details

The path traversal can be leveraged as a result of the following conditions:

  • The servlet mappings and security constraints laid out in each application's web.xml …

application attachment cookie date encoding evan filename grant http json length options path path traversal products server transfer x-frame-options

Visit resource

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 1 week, 4 days ago | www.tenable.com
app application exploitation management +9
Karros Technologies Authentication Bypass 1 week, 4 days ago | www.tenable.com
authentication authentication bypass bypass technologies
Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 1 week, 6 days ago | www.tenable.com
avalanche big buffer buffer overflow +12
Path Traversal Affecting Multiple CData Products 3 weeks, 4 days ago | www.tenable.com
application attachment cookie date +14
LG LED Assistant v2.1.65 Multiple Vulnerabilities 1 month ago | www.tenable.com
assistant led vulnerabilities
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com
arcserve data data protection protection +1
Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com
analytics azure azure synapse caching +8
Showdownjs Denial of Service 2 months ago | www.tenable.com
can command concept conditions +17
Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com
accesstoken admin adobe authentication +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Architect - Northwest region (Remote)

@ GuidePoint Security LLC | Remote
View on infosec-jobs.com

Senior Consultant, Cyber Security Architecture

@ 6point6 | Manchester, United Kingdom
View on infosec-jobs.com

Junior Security Architect

@ IQ-EQ | Port Louis, Mauritius
View on infosec-jobs.com

Senior Detection & Response Engineer

@ Expel | Remote
View on infosec-jobs.com

Cyber Security Systems Engineer ISSE Splunk

@ SAP | Southbank (Melbourne), VIC, AU, 3006
View on infosec-jobs.com
View more jobs