Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-1306
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Pluto 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Pluto是美国阿帕奇(Apache)软件基金会的一套Portlet容器的运行时环境。 Apache Pluto 3.0.0版本中的PortletV3AnnotatedDemo Multipart Portlet war文件代码存在安全漏洞,该漏洞源于在上传文件时程序没有限制提交的路径信息。远程攻击者可利用该漏洞获取配置数据和其他敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Apache Software FoundationApache Pluto 3.0.0 -
II. Public POCs for CVE-2018-1306
#POC DescriptionSource LinkShenlong Link
1Nonehttps://github.com/JJSO12/Apache-Pluto-3.0.0--CVE-2018-1306POC Details
2Nonehttps://github.com/Imsol0/APACHE-CVE-2018-1306-Lab-projectPOC Details
3Nonehttps://github.com/andikahilmy/CVE-2018-1306-portals-pluto-vulnerablePOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2018-1306
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Apache Pluto
Same vendor: Apache Software Foundation
V. Comments for CVE-2018-1306

No comments yet

Leave a comment