#VU83226 Path traversal in MPXJ - CVE-2020-35460

Cybersecurity Help s.r.o.

Published: 2023-11-16

Vulnerability identifier: #VU83226

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-35460

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MPXJ
Universal components / Libraries / Libraries used by multiple products

Vendor: Jon Iles

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the zip stream handler flow within common/InputStreamHelper.java. A remote attacker can send a specially crafted HTTP request and writr arbitrary files on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

MPXJ: 8.3.0 - 8.3.4

External links
https://github.com/joniles/mpxj/commit/8eaf4225048ea5ba7e59ef4556dab2098fcc4a1d
https://www.mpxj.org/changes-report.html#a8.3.5
https://www.oracle.com/security-alerts/cpujan2021.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM TRIRIGA

Multiple vulnerabilities in Siemens COMOS

Path traversal in MPXJ