CVE-2016-1610
Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.
Vulnerabilidad de salto de directorio en la caracterĂstica email-template en Novell Filr en versiones anteriores a 1.2 Security Update 3 y 2.0 en versiones anteriores a Security Update 2 permite a atacantes remotos eludir restricciones destinadas al acceso y escribir a archivos arbitrarios a travĂ©s de .. (punto punto) en un nombre del blob.
Multiple Micro Focus Filr appliances suffer from cross site request forgery, cross site scripting, command injection, insecure design, missing cookie flag, authentication bypass, poor permission, and path traversal vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-01-12 CVE Reserved
- 2016-07-25 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/bugtraq/2016/Jul/119 | Mailing List |
|
| http://www.securityfocus.com/bid/92113 | Vdb Entry | |
| https://download.novell.com/Download?buildid=3V-3ArYN85I~ | X_refsource_confirm | |
| https://download.novell.com/Download?buildid=BOTiHcBFfv0~ | X_refsource_confirm | |
| https://www.novell.com/support/kb/doc.php?id=7017788 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/40161 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Filr Search vendor "Novell" for product "Filr" | <= 1.2 Search vendor "Novell" for product "Filr" and version " <= 1.2" | security_update_2 |
Affected
| ||||||
| Novell Search vendor "Novell" | Filr Search vendor "Novell" for product "Filr" | <= 2.0 Search vendor "Novell" for product "Filr" and version " <= 2.0" | security_update_1 |
Affected
| ||||||