CVE-2016-0710

HIGH

Apache Jetspeed Arbitrary File Upload

Title source: metasploit

Description

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · java
https://www.exploit-db.com/exploits/39643
metasploit WORKING POC MANUAL
by Andreas Lindh, wvu · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apache_jetspeed_file_upload.rb

Scores

CVSS v3 8.8
EPSS 0.7922
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (2)
apache/jetspeed < 2.3.0
org.apache.portals.jetspeed-2/jetspeed 0 - 2.3.1 Maven
Published Apr 11, 2016
Tracked Since Feb 18, 2026