Miggo Logo
Miggo Vulnerability Database
CVE-2018-10862

CVE-2018-10862: Improper Limitation of a Pathname to a Restricted Directory in WildFly

5.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2018-10862
GHSA ID
GHSA-w8r2-5j8x-x8j6
EPSS Score
0.54927%
CWE
CWE-22
Published
5/14/2022
Updated
1/27/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.wildfly.core:wildfly-servermaven<= 6.0.0.Alpha26.0.0.Alpha3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The core vulnerability manifests in the unzip method's handling of ZIP entry paths. The patch changes show:

  1. unzip() originally used targetDir.resolve(name) which doesn't prevent path traversal
  2. The fix replaces this with resolveSecurely() which adds validation
  3. resolveSecurely() itself was modified to ensure proper path containment checks Runtime exploitation would show these functions in the call stack when processing malicious WAR files, as they handle path resolution during archive extraction.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Wil**ly *or* ***or* v*rsion *.*.*.*lp*** *o*s not prop*rly v*li**t* *il* p*t*s in .w*r *r**iv*s, *llowin* *or t** *xtr**tion o* *r**t** .w*r *r**iv*s to ov*rwrit* *r*itr*ry *il*s. T*is is *n inst*n** o* t** 'Zip Slip' vuln*r**ility.

Reasoning

T** *or* vuln*r**ility m*ni**sts in t** unzip m*t*o*'s **n*lin* o* ZIP *ntry p*t*s. T** p*t** ***n**s s*ow: *. unzip() ori*in*lly us** t*r**t*ir.r*solv*(n*m*) w*i** *o*sn't pr*v*nt p*t* tr*v*rs*l *. T** *ix r*pl***s t*is wit* r*solv*S**ur*ly() w*i**