CVE-2015-0781
Novell Zenworks Rtrlet doPost Directory Traversal Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.
Una vulnerabilidad de salto de directorio en el método doPost de la clase Rtrlet en ZENworks Configuration Management (ZCM) de Novell permite que atacantes remotos suban y ejecuten archivos arbitrarios mediante vectores sin especificar.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. By default, authentication is not required to exploit this vulnerability.
The specific flaw exists within the doPost method of the Rtrlet class. The issue lies in the failure to sanitize the path of files uploaded, allowing files to be placed anywhere on the server. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-01-07 CVE Reserved
- 2015-04-22 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/74291 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-15-151 | X_refsource_misc | |
https://www.novell.com/support/kb/doc.php?id=7016431 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Novell Search vendor "Novell" | Zenworks Configuration Management Search vendor "Novell" for product "Zenworks Configuration Management" | - | - |
Affected
|