메뉴 건너뛰기

XEDITION

cve

CVE-2017-16594

관리자 2018.01.25 04:00 조회 수 : 2

This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fimage_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5117.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16594
번호 제목 글쓴이 날짜 조회 수
527 CVE-2014-3927 관리자 2017.04.04 4
526 CVE-2017-0127 관리자 2017.03.18 4
525 CVE-2017-0031 관리자 2017.03.18 4
524 CVE-2017-0017 관리자 2017.03.18 4
523 CVE-2016-6996 관리자 2016.10.14 4
522 CVE-2016-6993 관리자 2016.10.14 4
521 CVE-2017-17406 관리자 2018.01.25 3
520 CVE-2017-16591 관리자 2018.01.25 3
519 CVE-2016-10708 관리자 2018.01.25 3
518 CVE-2017-0898 관리자 2017.09.16 3
517 CVE-2017-14118 관리자 2017.09.04 3
516 CVE-2017-14122 관리자 2017.09.04 3
515 CVE-2017-14119 관리자 2017.09.04 3
514 CVE-2017-14117 관리자 2017.09.04 3
513 CVE-2017-14116 관리자 2017.09.04 3
위로