Vert.x-Web StaticHandler wildcard path exfiltration Windows
CVE-2023-24815 Published on February 9, 2023

Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web
Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return "/" + rest;` from `Utils.java` returns the user input (without validation) as the segment to lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized `\` are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in windows environments and upgrading is the advised remediation path. There are no known workarounds for this vulnerability.

Github Repository NVD

Vulnerability Analysis

CVE-2023-24815 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2023-24815. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

What is a Directory traversal Vulnerability?

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVE-2023-24815 has been classified to as a Directory traversal vulnerability or weakness.


Products Associated with CVE-2023-24815

Want to know whenever a new CVE is published for Eclipse Vert X Web? stack.watch will email you.

Eclipse Vert X Web
 

Affected Versions

vert-x3 vertx-web Version >= 4.0.0, < 4.3.8 is affected by CVE-2023-24815

Vulnerable Packages

The following package name and versions may be associated with CVE-2023-24815

Package Manager Vulnerable Package Versions Fixed In
maven io.vertx:vertx-web >= 4.0.0, < 4.3.8 4.3.8

Exploit Probability

EPSS
0.35%
Percentile
57.96%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.