메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16595

관리자 2018.01.25 04:00 조회 수 : 205

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.export_005fdownload_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5118.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16595
번호 제목 글쓴이 날짜 조회 수
527 CVE-2017-7930 관리자 2017.08.27 220
526 CVE-2018-6009 관리자 2018.01.25 219
525 CVE-2017-0145 관리자 2017.03.18 219
524 CVE-2018-6014 관리자 2018.01.25 218
523 CVE-2017-16594 관리자 2018.01.25 217
522 CVE-2017-12709 관리자 2017.08.27 217
521 CVE-2016-3210 관리자 2016.06.17 217
520 CVE-2017-2741 관리자 2018.01.25 216
519 CVE-2017-12816 관리자 2017.08.27 215
518 CVE-2017-12904 관리자 2017.08.27 215
517 CVE-2017-12858 (libzip) 관리자 2017.08.27 215
516 CVE-2017-0151 관리자 2017.03.18 215
515 CVE-2016-3233 관리자 2016.06.17 215
514 CVE-2017-2891 관리자 2017.11.09 214
513 CVE-2018-6000 관리자 2018.01.25 213
위로