CVE-2016-0710

HIGH

Apache Jetspeed Arbitrary File Upload

Title source: metasploit

Description

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

Exploits (2)

metasploit (WORKING POC, MANUAL)
by Andreas Lindh, wvu · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apache_jetspeed_file_upload.rb

exploitdb (WORKING POC, VERIFIED)
by Metasploit · ruby · remote · java
https://www.exploit-db.com/exploits/39643

Scores

CVSS v3 8.8
EPSS 0.7922
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-89
Status draft

Affected Products (2)

apache/jetspeed < 2.3.0
org.apache.portals.jetspeed-2/jetspeed < 2.3.1 (Maven)

Timeline

Published Apr 11, 2016
Tracked Since Feb 18, 2026