Apache Pluto 3.0.0 Multipart Portlet War File Path Information Disclosure Vulnerability

Apache Pluto 3.0.0 Multipart Portlet War File Path Information Disclosure Vulnerability

CVE-2018-1306 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.

Learn more about our Cis Benchmark Audit For Apache Http Server.