CVE-2023-4760
HIGHEclipse RAP 3.0.0-3.25.0 - Remote Code Execution via FileUpload Path Traversal
Title source: llmDescription
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \ (backslashes) coming further back are kept. For example, a file name such as /..\..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\..\webapps\shell.war in its webapps directory and can then be executed.
References (2)
Core 2
Core References
Issue Tracking, Patch
https://github.com/eclipse-rap/org.eclipse.rap/pull/141
Exploit, Issue Tracking
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160
Scores
CVSS v3
7.6
EPSS
0.0038
EPSS Percentile
59.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
CWE-23
Status
published
Products (1)
eclipse/remote_application_platform
3.0.0 - 3.25.0
Published
Sep 21, 2023
Tracked Since
Feb 18, 2026