CVE-2020-27304
civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal
La biblioteca web CivetWeb no comprueba las rutas de los archivos cargados cuando se ejecuta en un sistema operativo distinto de Windows, cuando es usado el mecanismo incorporado de carga de archivos basado en formularios HTTP, por medio de la API mg_handle_form_request. Las aplicaciones web que usan el manejador de formularios de carga de archivos, y usan partes del nombre de archivo controlado por el usuario en la ruta de salida, son susceptibles a un salto de directorio
A remote code execution vulnerability was found in CivetWeb (embeddable web server/library). Due to a directory traversal issue, an attacker is able to add or overwrite files that are subsequently executed which lead to impact to confidentiality, integrity, and availability of the application.
The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes: OpenShift Dedicated support RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform. 1. Use OpenShift OAuth server as an identity provider If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS. Issues addressed include denial of service, information leakage, memory exhaustion, remote shell upload, and traversal vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-19 CVE Reserved
- 2021-10-21 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-23: Relative Path Traversal
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf | X_refsource_confirm |
|
| https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ | Mailing List |
| URL | Date | SRC |
|---|---|---|
| https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | 2022-06-14 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2020-27304 | 2021-12-01 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2016640 | 2021-12-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Civetweb Project Search vendor "Civetweb Project" | Civetweb Search vendor "Civetweb Project" for product "Civetweb" | >= 1.8 < 1.15 Search vendor "Civetweb Project" for product "Civetweb" and version " >= 1.8 < 1.15" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Sinec Infrastructure Network Services Search vendor "Siemens" for product "Sinec Infrastructure Network Services" | < 1.0.1.1 Search vendor "Siemens" for product "Sinec Infrastructure Network Services" and version " < 1.0.1.1" | - |
Affected
| ||||||