메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16604

관리자 2018.01.25 04:00 조회 수 : 197

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.cnnic.asset.deviceReport.deviceReport_005fexport_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5195.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16604
번호 제목 글쓴이 날짜 조회 수
152 CVE-2017-0083 관리자 2017.03.18 146
151 CVE-2017-0075 관리자 2017.03.18 146
150 CVE-2017-0043 관리자 2017.03.18 146
149 CVE-2017-6558 관리자 2017.03.10 146
148 CVE-2017-14094 관리자 2018.01.25 145
147 CVE-2017-14122 관리자 2017.09.04 145
146 CVE-2017-9644 관리자 2017.08.27 145
145 CVE-2017-13648 (graphicsmagick) 관리자 2017.08.27 145
144 CVE-2017-0026 관리자 2017.03.18 145
143 CVE-2017-2884 관리자 2017.11.09 144
142 CVE-2017-0091 관리자 2017.03.18 144
141 CVE-2017-16001 관리자 2017.11.09 143
140 CVE-2017-16548 관리자 2017.11.09 143
139 CVE-2017-6549 관리자 2017.03.10 143
138 CVE-2018-1045 관리자 2018.01.25 142
위로