CVE-2016-10036

EPSS 26.4%

Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.

Affected products

n/a · n/a

public PoCs found — 3

cve_referencepacketstormsecurity.com/files/147378/Jfrog-Artifactory-Code-Execution-Shell-Upload.htmlunverified cve_referencewww.exploit-db.com/exploits/44543/unverified exploitdbwww.exploit-db.com/exploits/44543unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/147378/Jfrog-Artifactory-Code-Execution-Shell-Upload.html https://www.exploit-db.com/exploits/44543/https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory4.16