HTTP: Apache Jetspeed Portal Site Manager ZIP File Upload Directory Traversal
This signature detects an attempt to exploit a known vulnerability against Apache Jetspeed Site Manager. Successful exploitation could allow an attacker to launch further attacks through crafted requests while uploading certain malicious archive files.
Extended Description
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."
Affected Products
Apache jetspeed
References
CVE: CVE-2016-0709
URL: https://portals.apache.org/jetspeed-2/security-reports.html#cve-2016-0709
Short Name
HTTP:DIR:APJS-PORTAL-DIRTRAV
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2016-0709 Directory File Jetspeed Manager Portal Site Traversal Upload ZIP
Release Date
03/28/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3689
False Positive
Unknown
Vendors
Apache
CVSS Score
9.0