CVE-2014-8114

EUVD-2022-2796
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
redhatuberfire
0.3.0
redhatuberfire
0.3.1
redhatuberfire
0.3.2
redhatuberfire
0.3.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2015-0234.html
http://rhn.redhat.com/errata/RHSA-2015-0235.html
http://www.securityfocus.com/bid/88199
https://github.com/uberfire/uberfire/commit/21ec50eb15
http://rhn.redhat.com/errata/RHSA-2015-0234.html
http://rhn.redhat.com/errata/RHSA-2015-0235.html
http://www.securityfocus.com/bid/88199
https://github.com/uberfire/uberfire/commit/21ec50eb15