CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-27304 – civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API
https://notcve.org/view.php?id=CVE-2020-27304
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal La biblioteca web CivetWeb no comprueba las rutas de los archivos cargados cuando se ejecuta en un sistema operativo distinto de Windows, cuando es usado el mecanismo incorporado de carga de archivos basado en formularios HTTP, por medio de la API mg_handle_form_request. Las aplicaciones web que usan el manejador de formularios de carga de archivos, y usan partes del nombre de archivo controlado por el usuario en la ruta de salida, son susceptibles a un salto de directorio A remote code execution vulnerability was found in CivetWeb (embeddable web server/library). Due to a directory traversal issue, an attacker is able to add or overwrite files that are subsequently executed which lead to impact to confidentiality, integrity, and availability of the application. • https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server https://access.redhat.com/security/cve/CVE-2020-27304 https://bugzilla.redhat.com/show_bug.cgi?id=2016640 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12684
https://notcve.org/view.php?id=CVE-2018-12684
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file. Lectura fuera de límites en la función send_ssi_file en civetweb.c en CivetWeb hasta la versión 1.10 permite que los atacantes provoquen una divulgación de información por denegación de servicio (DoS) mediante un archivo SSI manipulado. • https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552 https://github.com/civetweb/civetweb/issues/633 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •