Lucene search
HistoryFeb 20, 2015 - 4:59 p.m.
CVE-2014-8114
uberfire framework
path restriction
remote code execution
file upload
file download
security vulnerability
cve-2014-8114
nvd
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
86.1%
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
Affected configurations
Node
redhatuberfireMatch0.3.0
ORredhatuberfireMatch0.3.1
ORredhatuberfireMatch0.3.2
ORredhatuberfireMatch0.3.3
Related
prion
prion
Design/Logic Flaw
2015-02-20 16:59:00
osv
osv
UberFire Framework Improperly Restricts Paths
2022-05-14 01:10:41
cvelist
cvelist
CVE-2014-8114
2015-02-20 16:00:00
github
github
UberFire Framework Improperly Restricts Paths
2022-05-14 01:10:41
nvd
nvd
CVE-2014-8114
2015-02-20 16:59:02
redhat
redhat
(RHSA-2015:0234) Important: Red Hat JBoss BPM Suite 6.0.3 security update
2015-02-17 22:21:04
(RHSA-2015:0235) Important: Red Hat JBoss BRMS 6.0.3 security update
2015-02-17 22:22:40
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
86.1%
Related for CVE-2014-8114