Vendor: JDeveloper IDE
By: John Page (aka hyp3rlinx)
CVSS: 4.7 (MEDIUM)
CWE: 22 (Directory Traversal)
Product Name: JDeveloper IDE
Affected Version From: 11.1.1.7.0
Affected Version To: 12.2.1.2.0
Patch Exists: YES
Related CVE: CVE-2017-10273
CPE: oracle:jdeveloper
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Local
2017
Oracle JDeveloper IDE Directory Traversal
Attackers can place malicious files outside the intended target directories if a user is tricked into importing a corrupt .WAR or .EAR archive. Later, attackers can potentially request these scripts/files to execute system commands on the affected target.
Mitigation:
Oracle has released a patch for this vulnerability as part of the Critical Patch Update (CPU) of January 16, 2018.
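
A pre-import check for the issue described above, as an added example (not code from the advisory or from Oracle): it lists the entries of a .WAR/.EAR (ZIP) archive whose names would resolve outside the extraction directory. The function names, the `/opt/import` destination and the sample archive are constructed assumptions.

```python
import io
import posixpath
import zipfile


def unsafe_entries(archive, dest="/opt/import"):
    """Return entry names that would land outside dest if extracted naively.

    dest is a hypothetical import directory; only names are inspected,
    nothing is written to disk.
    """
    root = dest.rstrip("/") + "/"
    bad = []
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            # Backslashes act as separators for extractors on Windows.
            norm = name.replace("\\", "/")
            # Collapse "..", then see where the entry would end up.
            resolved = posixpath.normpath(posixpath.join(dest, norm))
            has_drive = len(norm) > 1 and norm[1] == ":"
            if has_drive or not (resolved + "/").startswith(root):
                bad.append(name)
    return bad


def build_sample_war():
    """Constructed in-memory archive: two normal entries, three escaping ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("index.jsp", "ok")
        zf.writestr("../../outside.txt", "x")       # parent-directory escape
        zf.writestr("..\\..\\outside2.txt", "x")    # same, Windows separators
        zf.writestr("/tmp/absolute.txt", "x")       # absolute path
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry in unsafe_entries(build_sample_war()):
        print("refuse import, entry escapes target directory:", entry)
```
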