메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16605

관리자 2018.01.25 04:00 조회 수 : 211

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fattrs_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5196.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16605
번호 제목 글쓴이 날짜 조회 수
527 CVE-2018-6009 관리자 2018.01.25 219
526 CVE-2018-6014 관리자 2018.01.25 218
525 CVE-2017-0145 관리자 2017.03.18 218
524 CVE-2017-16594 관리자 2018.01.25 217
523 CVE-2016-3210 관리자 2016.06.17 217
522 CVE-2017-12709 관리자 2017.08.27 216
521 CVE-2016-3233 관리자 2016.06.17 215
520 CVE-2017-2741 관리자 2018.01.25 214
519 CVE-2017-12816 관리자 2017.08.27 214
518 CVE-2017-7930 관리자 2017.08.27 214
517 CVE-2017-12904 관리자 2017.08.27 214
516 CVE-2017-16615 관리자 2017.11.09 213
515 CVE-2017-2891 관리자 2017.11.09 213
514 CVE-2017-0151 관리자 2017.03.18 213
513 CVE-2016-3207 관리자 2016.06.17 213
위로