Zip Slip vulnerability in WildFly Core before version 6.0.0.Alpha3 allows for arbitrary file overwrite through crafted .war archives.

Zip Slip vulnerability in WildFly Core before version 6.0.0.Alpha3 allows for arbitrary file overwrite through crafted .war archives.

CVE-2018-10862 · MEDIUM Severity

AV:N/AC:M/AU:S/C:N/I:P/A:P

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

Learn more about our Web Application Penetration Testing UK.