SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Apache Pluto Arbitrary File Creation

Category: WEB-ATTACKS      

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1306


Relevant Information