메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16594

관리자 2018.01.25 04:00 조회 수 : 217

This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fimage_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5117.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16594
번호 제목 글쓴이 날짜 조회 수
527 CVE-2018-6009 관리자 2018.01.25 219
526 CVE-2017-7930 관리자 2017.08.27 219
525 CVE-2018-6014 관리자 2018.01.25 218
524 CVE-2017-0145 관리자 2017.03.18 218
» CVE-2017-16594 관리자 2018.01.25 217
522 CVE-2017-12709 관리자 2017.08.27 217
521 CVE-2016-3210 관리자 2016.06.17 217
520 CVE-2017-2741 관리자 2018.01.25 216
519 CVE-2017-12816 관리자 2017.08.27 215
518 CVE-2017-12904 관리자 2017.08.27 215
517 CVE-2016-3233 관리자 2016.06.17 215
516 CVE-2017-2891 관리자 2017.11.09 214
515 CVE-2017-12858 (libzip) 관리자 2017.08.27 214
514 CVE-2017-16615 관리자 2017.11.09 213
513 CVE-2017-0151 관리자 2017.03.18 213
위로