CVE-2016-0709

Published: 11/04/2016 Updated: 07/11/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 905
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed prior to 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."
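To make the traversal concrete, the example below is added for this page; it is not Jetspeed's Import/Export code and not the Metasploit module. It builds a ZIP whose entry name is the advisory's "../../webapps/x.jsp", extracts it with the naive join-and-write pattern the advisory describes, and then with a hardened extractor that canonicalises every target path and refuses any entry that resolves outside the destination. The directory layout (<root>/work/import as the import directory, <root>/webapps as the servlet container's deploy directory), the entry contents and the function names are assumptions, not Jetspeed's.

```python
"""Added example (not Jetspeed or Metasploit code): build a ZIP archive whose
entry name carries a '..' traversal, then extract it with a naive extractor
and with a hardened one that confines every entry to the destination."""
import io
import os
import tempfile
import zipfile

# Constructed payload: the entry name quoted in the advisory, plus a benign entry.
TRAVERSAL_ENTRY = "../../webapps/x.jsp"
JSP_BODY = b"<%-- placeholder JSP written by the constructed archive --%>\n"


def build_traversal_zip() -> bytes:
    """Return a ZIP with one benign entry and one entry that escapes the
    extraction directory. zipfile does not validate names on write, so the
    '..' segments land in the archive exactly as an attacker would place them."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("site/pages/default-page.psml", b"<page/>\n")
        zf.writestr(TRAVERSAL_ENTRY, JSP_BODY)
    return buf.getvalue()


def extract_naive(zip_bytes: bytes, dest: str) -> list:
    """Vulnerable pattern: trust the entry name and join it onto dest.
    The '..' segments walk out of dest and the file lands wherever they point."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.normpath(target))
    return written


def safe_target(dest: str, name: str) -> str:
    """Resolve dest/name and return it only if it stays inside dest.
    Absolute names and drive-letter names are rejected outright; everything
    else is canonicalised (symlinks and '..' resolved) and prefix-checked."""
    if os.path.isabs(name) or name.startswith(("/", "\\")) or name[1:2] == ":":
        raise ValueError(f"absolute entry name rejected: {name!r}")
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"entry escapes destination: {name!r}")
    return target


def extract_hardened(zip_bytes: bytes, dest: str) -> tuple:
    """Hardened pattern: validate each entry before writing; skip and report
    the ones that escape. Returns (written_paths, rejected_entry_names)."""
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            try:
                target = safe_target(dest, info.filename)
            except ValueError:
                rejected.append(info.filename)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written, rejected


def demo() -> dict:
    """Run both extractors in a throwaway tree. Assumed layout (not Jetspeed's):
    <root>/work/import is the import directory, <root>/webapps the deploy dir."""
    zip_bytes = build_traversal_zip()
    result = {}
    with tempfile.TemporaryDirectory() as root:
        import_dir = os.path.join(root, "work", "import")
        os.makedirs(import_dir)
        extract_naive(zip_bytes, import_dir)
        result["naive_escaped"] = os.path.isfile(os.path.join(root, "webapps", "x.jsp"))
    with tempfile.TemporaryDirectory() as root:
        import_dir = os.path.join(root, "work", "import")
        os.makedirs(import_dir)
        _, rejected = extract_hardened(zip_bytes, import_dir)
        result["hardened_rejected"] = rejected
        result["hardened_escaped"] = os.path.isfile(os.path.join(root, "webapps", "x.jsp"))
    return result


if __name__ == "__main__":
    print(demo())
```

The check in safe_target is the one that matters: canonicalise the joined path with realpath and compare against the canonicalised destination, rather than scanning the name for ".." (which misses absolute names, symlinked directories and platform-specific separators). Stripping traversal segments and extracting anyway, as some libraries do, silently changes what the archive meant; rejecting the entry and logging it gives the operator an audit trail.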

Vulnerable Product

apache jetspeed

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ManualRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(info, ...
This Metasploit module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, versions 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file upload clobbered the web interface beyond ...