Directory traversal

2013-09-2819:55:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.624 Medium

EPSS

Percentile

97.8%

JSON

Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a … (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method.

CPENameOperatorVersion
cloudforms_management_engineeq5.1

CPE	Name	Operator	Version
	cloudforms_management_engine	eq	5.1

References

rhn.redhat.com/errata/RHSA-2013-1206.html

bugzilla.redhat.com/show_bug.cgi?id=960422

www.exploit-db.com/exploits/30469