First published: Tue May 01 2018
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
JFrog Artifactory | <4.16 | Update to 4.16 or later |
CVE-2016-10036 is an unrestricted file upload vulnerability in JFrog Artifactory before version 4.16.
The vulnerability allows remote attackers to deploy an arbitrary servlet application and execute arbitrary code or write to arbitrary files, potentially causing a denial of service.
CVE-2016-10036 has a severity rating of 9.8 (critical).
To fix the vulnerability, update JFrog Artifactory to version 4.16 or later.
More information about CVE-2016-10036 can be found in the JFrog Artifactory Release Notes and the provided references.