CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
97.5%
Added: 03/16/2017
CVE: CVE-2017-6187
BID: 96401
Disk Savvy Enterprise is a disk space usage analyzer.
A buffer overflow in the built-in web server in Disk Savvy Enterprise could allow remote code execution when handling a long URI in a GET request.
Contact the vendor for a patch or fixed version when available.
<https://www.exploit-db.com/exploits/41436/>
The Disk Savvy Enterprise web server is disabled by default.
Exploit works on Disk Savvy Enterprise 9.4.18 on Windows 7 Professional SP1 x64 and Windows 10 Professional x64.
Windows 7
Windows 10
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
97.5%