News

WildFly 8 (JBossAS) Application Directory Traversal Vulnerability – CVE-2014-7816

WildFly[1], formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms.

WildFly is free and open-source software, subject to the requirements of the GNU Lesser General Public License (LGPL), version 2.1.”

Directory traversal[2] vulnerability in WildFly 8.1.0.Final allows remote attackers to read arbitrary files via a .. (dot dot) in the URI parameter in a render action to standalone/configuration/standalone.xml or any other configuration file.

The vendor has proveid patches that fix the flaws. Our advisory with more detailed information can be found at our website[3]. CVE mitre website[4].

[1] http://wildfly.org/
[2] https://www.owasp.org/index.php/Testing_Directory_traversal/file_include_(OTG-AUTHZ-001)
[3] https://www.conviso.com.br/advisories/CVE-2014-7816.txt
[4] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-7816

Originalmente postado no Blog da Conviso Application Security – Siga-nos no Twitter @conviso Google+
About author

Articles

A team of professionals, highly connected on news, techniques and information about application security
Related posts
Application SecurityNews

Developer Community: Discover the benefits of participating

While development is often considered a solitary career, learning to code requires a collaborative…
Read more
Application SecurityNews

Conviso presents an overview of the current Brazilian AppSec scenario

Conviso released the results of the survey “The scenario of the Brazilian Application Security…
Read more
Application SecurityNews

Conviso acquires N-Stalker and conquers customers in over 30 countries

After 14 years in the Brazilian market, Conviso acquires N-Stalker, conquering not only customers in…
Read more

Deixe um comentário