CVE-2014-8115

Vulnerability

KIE Workbench 6.0.x contains a vulnerability in its default authorization constraints that allows remote authenticated users to read or write arbitrary files on the server filesystem. The issue resides in several servlets—DecisionTableXLSFileServlet, ScoreCardXLSFileServlet, FileUploadServlet, and FileDownloadServlet—which did not restrict file access paths. The fix introduced includes-path and excludes-path init-parameters to limit access to git://** and default://** schemes while explicitly excluding file://** URIs [3]. Affected versions include all KIE Workbench 6.0.x releases.

Exploitation

An attacker must have a valid user account with network access to the KIE Workbench instance. By crafting HTTP requests to the vulnerable servlets with file:// URIs, the attacker can read or write arbitrary files on the server. No additional privileges or user interaction beyond authentication are required.

Impact

Successful exploitation enables an attacker to read sensitive files (e.g., configuration files, credentials) or write malicious content to the filesystem. This can lead to information disclosure, privilege escalation, or remote code execution depending on the application server's permissions. The attacker gains file system access at the privilege level of the application server process.

Mitigation

Red Hat released security advisories RHSA-2015-0234 [1] and RHSA-2015-0235 [2] for Red Hat JBoss BPM Suite 6.0.3 and Red Hat JBoss BRMS 6.0.3, respectively, which include the fix. Users should upgrade to these or later versions. The fix is also available in the upstream commit [3]. No workaround is documented; upgrading is the recommended action.