Short Name |
HTTP:DIR:APJS-PORTAL-DIRTRAV |
---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache Jetspeed Portal Site Manager ZIP File Upload Directory Traversal |
Release Date |
2016/03/28 |
Update Number |
2680 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects an attempt to exploit a known vulnerability against Apache Jetspeed Site Manager. Successful exploitation could allow an attacker to launch further attacks through crafted requests while uploading certain malicious archive files.
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."