CVE-2016-0855
Advantech WebAccess Dashboard Viewer openWidget Directory Traversal Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors.
Vulnerabilidad de salto de directorio en Advantech WebAccess en versiones anteriores a 8.1 permite a atacantes remotos listar archivos virtuales del directorio virtual a través de vectores no especificados.
This vulnerability allows remote attackers to disclose arbitrary file contents on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the openWidget script allows unauthenticated callers to read the content of arbitrary files on the WebAccess server.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-12-17 CVE Reserved
- 2016-01-15 CVE Published
- 2024-08-05 CVE Updated
- 2024-09-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-16-122 | X_refsource_misc |
|
| http://www.zerodayinitiative.com/advisories/ZDI-16-123 | X_refsource_misc |
|
| http://www.zerodayinitiative.com/advisories/ZDI-16-124 | X_refsource_misc |
|
| http://www.zerodayinitiative.com/advisories/ZDI-16-125 | X_refsource_misc |
|
| http://www.zerodayinitiative.com/advisories/ZDI-16-126 | X_refsource_misc |
|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|