CVE-2014-6037
ManageEngine EventLog Analyzer UploadHandlerServlet File Upload Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
10Exploited in Wild
-Decision
Descriptions
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
La vulnerabilidad transversal del directorio en el servlet agentUpload en ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 y 8.2 build 8020 permite a los atacantes remotos ejecutar código arbitrario al cargar un archivo ZIP que contiene un archivo ejecutable con secuencias .. (punto punto) en su nombre, y luego acceder el ejecutable a través de una solicitud directa al archivo bajo la raíz web. Corregido en Build 11072.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine EventLog Analyzer. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the UploadHandlerServlet servlet. The issue lies in the failure to sanitize the filenames uploaded to the servlet. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.
ManageEngine EventLog Analyzer version 9.9 suffers from unauthenticated remote code execution via shell upload and authorization vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-09-01 CVE Reserved
- 2014-09-01 CVE Published
- 2014-09-01 First Exploit
- 2024-08-06 CVE Updated
- 2024-09-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/show/osvdb/110642 | Vdb Entry | |
| http://seclists.org/fulldisclosure/2014/Sep/1 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/34519 | 2014-09-01 | |
| https://www.exploit-db.com/exploits/34670 | 2014-09-15 | |
| http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html | 2024-08-06 | |
| http://seclists.org/fulldisclosure/2014/Aug/86 | 2024-08-06 | |
| http://seclists.org/fulldisclosure/2014/Sep/19 | 2024-08-06 | |
| http://seclists.org/fulldisclosure/2014/Sep/20 | 2024-08-06 | |
| http://www.exploit-db.com/exploits/34519 | 2024-08-06 | |
| http://www.securityfocus.com/bid/69482 | 2024-08-06 | |
| https://github.com/rapid7/metasploit-framework/pull/3732 | 2024-08-06 | |
| https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zohocorp Search vendor "Zohocorp" | Manageengine Eventlog Analyzer Search vendor "Zohocorp" for product "Manageengine Eventlog Analyzer" | 8.2 Search vendor "Zohocorp" for product "Manageengine Eventlog Analyzer" and version "8.2" | 8020 |
Affected
| ||||||
| Zohocorp Search vendor "Zohocorp" | Manageengine Eventlog Analyzer Search vendor "Zohocorp" for product "Manageengine Eventlog Analyzer" | 9.0 Search vendor "Zohocorp" for product "Manageengine Eventlog Analyzer" and version "9.0" | 9002 |
Affected
| ||||||