Zip.Slip.Archive.Extraction.Path.Traversal.Code.Execution

Description

This indicates an attack attempt to exploit a Remote Code Execution vulnerability in multiple ZIP archive libraries and products.
The vulnerability is due to insufficient sanitization of user-supplied input when the application handles a crafted archive file. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application via a crafted archive file.

Affected Products

npm library unzipper versions prior to 0.8.13
npm library adm-zip versions prior to 0.4.9
Java library plexus-archiver versions prior to 3.6.0
Java library zt-zip versions prior to 1.13
Java library zip4j
.NET library DotNetZip.Semverd versions prior to 1.11.0
.NET library SharpCompress versions prior to 0.21.0
.NET library archiver versions prior to e4ef56d4
Oracle java.util.zip
Apache commons-compress
.NET library SharpZipLib
Ruby gem zip-ruby
Ruby gem rubyzip
Ruby gem zipruby
Go library archive
Apache Storm versions prior to 1.0.7
Apache Hadoop
Apache Hive
Apache Maven
Apache Ant versions prior to 1.9.12
Pivotal spring-integration-zip versions prior to 1.0.1
HP Fortify Cloud Scan Jenkins Plugin
OWASP DependencyCheck
Amazon AWS Toolkit for Eclipse
SonarCube SonarCube
Cinchapi Concourse
Orient Technologies OrientDB
FenixEdu Academic
Lucee Lucee

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Visit each affected vendor's site for updates.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2024-01-24 26.721 Sig Added
2020-08-12 15.904 Sig Added
2018-09-25 13.457 Sig Added