Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/147378/Jfrog-Artifactory-Code-Execution-Shell-Upload.html | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/44543/ | Exploit Third Party Advisory VDB Entry |
https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory4.16 | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-05-01T19:00:00
Updated: 2018-05-01T18:57:01
Reserved: 2016-12-23T00:00:00
Link: CVE-2016-10036
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-05-01T19:29:01.013
Modified: 2018-06-13T14:23:58.963
Link: CVE-2016-10036
JSON object: View
Redhat Information
No data.
CWE