CVE-2016-5803 – CA Unified Infrastructure Management download_lar Directory Traversal Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2016-5803

09 Nov 2016 — An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. Ha sido descubierto un problema en CA Unified Infrastructure Management Versión 8.47 y versiones anteriores. El software Unified Infrastructure Management utili... • http://www.securityfocus.com/bid/94243 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •