CVE-2018-1263

MEDIUM LAB

Vmware Spring Integration Zip < 1.0.2 - Path Traversal

Title source: rule

Description

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

Exploits (1)

nomisec WORKING POC 1 stars

by sakib570 · poc

https://github.com/sakib570/CVE-2018-1263-Demo

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/104179

[Vendor Advisory] https://pivotal.io/security/cve-2018-1263

Scores

CVSS v3 4.7

EPSS 0.0073

EPSS Percentile 72.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Lab Environment

COMMUNITY

Community Lab

docker pull vulhub/phpmyadmin:4.8.1

docker pull mysql:latest

https://github.com/sakib570/CVE-2018-1263-Demo

View in Library

Details

CWE

CWE-22

Status published

Products (2)

org.springframework.integration/spring-integration-zip 0 - 1.0.2Maven

vmware/spring_integration_zip < 1.0.2

Published May 15, 2018

Tracked Since Feb 18, 2026