HTTP: Apache Pluto PortletV3AnnotatedDemo MultipartPortlet Arbitrary File Upload
This signature detects attempt to exploit an arbitrary file upload vulnerability which has been reported in Apache Pluto PortletV3AnnotatedDemo MultipartPortlet. An unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary file upload and possible remote code execution.
Extended Description
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
Affected Products
Apache pluto
Short Name
HTTP:APACHE-PLUTO-PORTLET-RCE
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apache Arbitrary CVE-2018-1306 File MultipartPortlet Pluto PortletV3AnnotatedDemo Upload
Release Date
09/26/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3665
False Positive
Unknown
Vendors
Apache
CVSS Score
5.0