CVE-2023-4760

7.6 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running vulnerable Eclipse RAP versions. Attackers can exploit insecure filename handling in the FileUpload component to write malicious files to sensitive directories like Tomcat's webapps folder. Only Eclipse RAP applications using the FileUpload component on Windows are affected.

💻 Affected Systems

Products:
  • Eclipse RAP
Versions: 3.0.0 through 3.25.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using the FileUpload component on Windows; Linux/Unix systems are not vulnerable.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via remote code execution, allowing attackers to deploy web shells, steal data, or pivot to other systems.

🟠 Likely Case

Web shell deployment leading to data exfiltration, credential theft, or lateral movement within the network.

🟢 If Mitigated

File upload attempts are blocked or sanitized, preventing malicious file placement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires file upload functionality but no authentication; path traversal via backslashes enables arbitrary file write.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.26.0

Vendor Advisory: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160

Restart Required: Yes

Instructions:

1. Upgrade Eclipse RAP to version 3.26.0 or later.
2. Replace the FileUpload component with the patched version.
3. Restart the application server.

🔧 Temporary Workarounds

Disable FileUpload Component

Applies to: all

Temporarily disable or remove the FileUpload component from the application.

Modify the application configuration to disable file upload functionality.

Implement Input Validation

Applies to: windows

Add server-side validation to reject filenames containing path traversal sequences.

Implement filename sanitization: reject any filename containing '..\' or similar patterns.

🧯 If You Can't Patch

  • Deploy a web application firewall (WAF) with rules to block path traversal attempts in file uploads.
  • Restrict file upload permissions to non-executable directories and implement strict file type validation.

🔍 How to Verify

Check if Vulnerable:

Check whether the Eclipse RAP version is between 3.0.0 and 3.25.0 and the FileUpload component is used on Windows.

Check Version:

Check application dependencies or build configuration for org.eclipse.rap version.

Verify Fix Applied:

Verify that the Eclipse RAP version is 3.26.0 or later, then test the file upload with filenames containing traversal sequences to confirm they are rejected.

📡 Detection & Monitoring

Log Indicators:

  • File upload requests with filenames containing '..\' patterns
  • Unexpected file writes to webapps or other sensitive directories

Network Indicators:

  • HTTP POST requests to file upload endpoints with suspicious filenames

SIEM Query:

source="web_logs" AND (filename="*..\\*" OR path="*..\\*")
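The filename check from the "Implement Input Validation" workaround and the log indicators above can be demonstrated together. The following is an added example written for this page; it is not Eclipse RAP code and does not use the RAP FileUpload API. The log lines and their field layout (timestamp, src, filename, status) are constructed and assumed, not the Tomcat or RAP log format. The scanner percent-decodes the filename before matching, because the SIEM pattern `*..\\*` above only matches a literal backslash and misses a `%5c`-encoded one.

```python
import re
from urllib.parse import unquote

# Hypothetical application upload log, constructed for this example.
# The field layout is an assumption, not the Eclipse RAP or Tomcat format.
LOG_LINES = [
    r'2024-05-01T10:00:01Z upload src=10.0.0.5 filename="quarterly.pdf" status=stored',
    r'2024-05-01T10:00:07Z upload src=198.51.100.9 filename="..\..\webapps\ROOT\drop.jsp" status=stored',
    r'2024-05-01T10:00:09Z upload src=198.51.100.9 filename="%2e%2e%5c%2e%2e%5cwebapps%5cROOT%5cdrop.jsp" status=stored',
    r'2024-05-01T10:00:12Z upload src=10.0.0.8 filename="notes..txt" status=stored',
]

_FILENAME_RE = re.compile(r'filename="([^"]*)"')
_SRC_RE = re.compile(r"src=(\S+)")
_DRIVE_RE = re.compile(r"^[A-Za-z]:")


def is_safe_filename(name: str) -> tuple:
    """Server-side check for a bare upload filename.

    Rejects rather than normalises: any path separator (forward slash or
    the backslash that Windows also honours), a bare '.'/'..' name, a
    drive-letter prefix or a NUL byte is refused outright, so no traversal
    sequence can survive into the destination path. Returns (ok, reason).
    """
    if not name or name in (".", ".."):
        return False, "empty or dot-only name"
    if "\x00" in name:
        return False, "NUL byte"
    if "/" in name or "\\" in name:
        return False, "path separator"
    if _DRIVE_RE.match(name):
        return False, "drive letter"
    return True, "ok"


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so a double-encoded '%252e%252e%255c'
    becomes '..\\' before the check; bounded so it cannot loop forever."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_upload_log(lines):
    """Return (line_no, src, decoded_filename, reason) for every log line
    whose uploaded filename fails is_safe_filename()."""
    flagged = []
    for line_no, line in enumerate(lines, start=1):
        m = _FILENAME_RE.search(line)
        if not m:
            continue
        src_match = _SRC_RE.search(line)
        src = src_match.group(1) if src_match else "?"
        name = decode_fully(m.group(1))
        ok, reason = is_safe_filename(name)
        if not ok:
            flagged.append((line_no, src, name, reason))
    return flagged


if __name__ == "__main__":
    for entry in scan_upload_log(LOG_LINES):
        print("SUSPICIOUS upload line %d from %s: %r (%s)" % entry)
```

Running the block flags lines 2 and 3 (the literal and the percent-encoded `..\..\webapps\...` names) and leaves `notes..txt` alone, since a `..` inside a name is harmless as long as no separator is present. The same `is_safe_filename` check, placed in the upload handler before any path is built, is the server-side rejection the workaround describes.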
