Main Vulnerability Database SB2019051101

SB2019051101 - Path traversal in Apache Karaf

Published: May 11, 2019

Security Bulletin ID SB2019051101

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2019-0226)

The vulnerability allows a remote attacker to overwrite arbitrary files on the system.

The vulnerability exists due to input validation error when processing directory traversal sequences within the Apache Karaf Config service that provides an install method via service or MBean. A remote authenticated attacker can use directory traversal characters to overwrite arbitrary files on the system.

Remediation

Install update from vendor's website.

References

https://lists.apache.org/thread.html/1baa6f1df0e95fb1cd679067117354af2ab4423277d9a0ff6e8bf790@%3Cdev.karaf.apache.org%3E