메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16594

관리자 2018.01.25 04:00 조회 수 : 126

This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fimage_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5117.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16594
번호 제목 글쓴이 날짜 조회 수
527 CVE-2017-0024 관리자 2017.03.18 1
526 CVE-2017-0025 관리자 2017.03.18 1
525 CVE-2017-0023 관리자 2017.03.18 1
524 CVE-2017-0029 관리자 2017.03.18 1
523 CVE-2017-0035 관리자 2017.03.18 1
522 CVE-2017-0045 관리자 2017.03.18 1
521 CVE-2017-0075 관리자 2017.03.18 1
520 CVE-2017-0074 관리자 2017.03.18 1
519 CVE-2017-0053 관리자 2017.03.18 1
518 CVE-2017-0051 관리자 2017.03.18 1
517 CVE-2017-0052 관리자 2017.03.18 1
516 CVE-2017-0057 관리자 2017.03.18 1
515 CVE-2017-0056 관리자 2017.03.18 1
514 CVE-2017-0065 관리자 2017.03.18 1
513 CVE-2017-0063 관리자 2017.03.18 1
위로