Simplessus 3.7.7 path 目录遍历

条目历史差异jsonxmlCTI

在Simplessus 3.7.7中曾发现一漏洞，此漏洞被评为致命。此漏洞会影响某些未知进程。手动调试的软件参数:path使用输入：..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd不合法输入可导致目录遍历。漏洞的CWE定义是 CWE-22。此漏洞的脆弱性 2017-02-16由公示人Dr. Adrian Vollmer、公示人身份[SYSS-2017-004] Simplessus Files: Path Traversal、公示人类型为Mailinglist Post (Bugtraq)所提交。分享公告的网址是seclists.org。该漏洞被标识为CVE-2017-20105，攻击可能起始于远程，有技术细节可用。此外还有一个漏洞可利用。该漏洞利用已公开，可能会被利用。当前漏洞利用价值为美元大约是 $0-$5k。 MITRE ATT&CK项目使用攻击技术T1006来解决该问题。它被宣布为proof-of-concept。以下网址提供该漏洞利用：seclists.org。我们估计的零日攻击价值约为$0-$5k。升级到版本3.8.3能够解决此问题。建议对受到影响的组件升级。该漏洞被披露后，远在此前发表过可能的缓解措施。

字段	2017-02-24 15時41分	2020-08-17 09時19分	2022-06-25 18時20分
identifier	[SYSS-2017-004] Simplessus Files: Path Traversal	[SYSS-2017-004] Simplessus Files: Path Traversal	[SYSS-2017-004] Simplessus Files: Path Traversal
person_name	Dr. Adrian Vollmer	Dr. Adrian Vollmer	Dr. Adrian Vollmer
availability	1	1	1
date	1487203200 (2017-02-16)	1487203200 (2017-02-16)	1487203200 (2017-02-16)
publicity	1	1	1
url	http://seclists.org/bugtraq/2017/Feb/40	http://seclists.org/bugtraq/2017/Feb/40	http://seclists.org/bugtraq/2017/Feb/40
developer_name	Dr. Adrian Vollmer	Dr. Adrian Vollmer	Dr. Adrian Vollmer
price_0day	$0-$5k	$0-$5k	$0-$5k
name	升级	升级	升级
upgrade_version	3.8.3	3.8.3	3.8.3
seealso	97252	97252	97252
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	UR	UR	UR
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	R	R	R
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	S	S	S
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
name	Simplessus	Simplessus	Simplessus
version	3.7.7	3.7.7	3.7.7
argument	path	path	path
input_value	..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd	..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd	..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
risk	2	2	2
cvss2_vuldb_basescore	4.9	4.9	4.9
cvss2_vuldb_tempscore	3.6	3.6	3.6
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss3_meta_basescore	5.4	5.4	5.4
cvss3_meta_tempscore	4.7	4.7	4.7
cvss3_vuldb_basescore	5.4	5.4	5.4
cvss3_vuldb_tempscore	4.7	4.7	4.7
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
date	1487203200 (2017-02-16)	1487203200 (2017-02-16)	1487203200 (2017-02-16)
location	Bugtraq	Bugtraq	Bugtraq
type	Mailinglist Post	Mailinglist Post	Mailinglist Post
url	http://seclists.org/bugtraq/2017/Feb/40	http://seclists.org/bugtraq/2017/Feb/40	http://seclists.org/bugtraq/2017/Feb/40
cwe	0	22 (目录遍历)	22 (目录遍历)
cve			CVE-2017-20105
responsible			VulDB

◂ 上一步一览下一步 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!