메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16595

관리자 2018.01.25 04:00 조회 수 : 115

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.export_005fdownload_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5118.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16595
번호 제목 글쓴이 날짜 조회 수
437 CVE-2017-2891 관리자 2017.11.09 10
436 CVE-2017-12707 관리자 2017.08.27 10
435 CVE-2017-0143 관리자 2017.03.18 10
434 CVE-2018-1000013 관리자 2018.01.25 9
433 CVE-2018-1000009 관리자 2018.01.25 9
432 CVE-2017-18048 관리자 2018.01.25 9
431 CVE-2017-18049 관리자 2018.01.25 9
430 CVE-2017-17858 관리자 2018.01.25 9
429 CVE-2017-18046 관리자 2018.01.25 9
428 CVE-2017-12119 관리자 2018.01.25 9
427 CVE-2017-14460 관리자 2018.01.25 9
426 CVE-2017-12112 관리자 2018.01.25 9
425 CVE-2017-12115 관리자 2018.01.25 9
424 CVE-2017-14094 관리자 2018.01.25 9
423 CVE-2017-14097 관리자 2018.01.25 9
위로