CVE-2014-8114

Published: Feb 20, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.

Affected (4)

Products: Redhat: Uberfire

Redhat

1 product

Uberfire

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Uberfire	Version 0.3.0
Redhat Uberfire	Version 0.3.1
Redhat Uberfire	Version 0.3.2
Redhat Uberfire	Version 0.3.3

Related CWEs

CWE-264

References (8)

http://rhn.redhat.com/errata/RHSA-2015-0234.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-0235.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/88199

Source: secalert@redhat.com

https://github.com/uberfire/uberfire/commit/21ec50eb15

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-0234.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-0235.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/88199

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/uberfire/uberfire/commit/21ec50eb15

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.