CVE-2018-1306

HIGH

Apache Pluto 3.0.0 - Exposure of Sensitive Information via File Upload Path Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2018-1306. PoCs published by Che-Chun Kuo, dawetmaster, andikahilmy.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass via HTTP verb tampering (HEAD method) and remote code execution through arbitrary file upload and directory traversal in Apache Portals Pluto 3.0.0. It uploads a JSP webshell to execute system commands.

Description

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.

Exploits (4)

exploitdb WORKING POC
by Che-Chun Kuo · textwebappswindows
https://www.exploit-db.com/exploits/45396

This exploit demonstrates an authentication bypass via HTTP verb tampering (HEAD method) and remote code execution through arbitrary file upload and directory traversal in Apache Portals Pluto 3.0.0. It uploads a JSP webshell to execute system commands.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Apache Portals Pluto 3.0.0
No auth needed
Prerequisites: Network access to the target server · Apache Pluto 3.0.0 running on Tomcat
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2018-1306-portals-pluto-vulnerable

This repository contains a vulnerable version of the Apache Pluto portal demonstrating CVE-2018-1306, which involves improper handling of header dependencies in portlet applications. The code includes a header method that dynamically injects CSS dependencies, potentially allowing for XSS or other injection attacks.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Apache Pluto Portal (version affected by CVE-2018-1306)
No auth needed
Prerequisites: Access to a vulnerable Apache Pluto portal instance
devstral-2 · analyzed Mar 14, 2026 Full analysis →
nomisec WORKING POC
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2018-1306-portals-pluto-vulnerable

This repository contains a vulnerable version of Apache Pluto's ChatRoomDemo and PortletHubDemo applications, which are affected by CVE-2018-1306. The code demonstrates the vulnerability in a functional context, allowing for exploitation of the issue.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Apache Pluto (versions affected by CVE-2018-1306)
No auth needed
Prerequisites: Access to a vulnerable Apache Pluto instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by JJSO12 · poc
https://github.com/JJSO12/Apache-Pluto-3.0.0--CVE-2018-1306

This PoC exploits CVE-2018-1306 in Apache Pluto 3.0.0 by tampering with HTTP methods to bypass authorization and upload a malicious JSP file. The script uses the HEAD method to upload a webshell, which is then accessible at a predictable path.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Apache Pluto 3.0.0
No auth needed
Prerequisites: Network access to the target Apache Pluto instance · A JSP webshell file to upload
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45396/
Mitigation, Vendor Advisory x_refsource_misc
http://portals.apache.org/pluto/security.html

Scores

CVSS v3 7.5
EPSS 0.6899
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
apache/pluto 3.0.0
org.apache.portals.pluto/pluto-container 3.0.0 - 3.0.1Maven
Published Jun 27, 2018
Tracked Since Feb 18, 2026