cnvd - cnvd-2015-02833

cnvd-2015-02833

Vulnerability from cnvd

Title: Novell ZENworks 'doPost'方法远程代码执行漏洞

Description:

Novell ZENworks是一套支持在组织内跨资源进行自动化IT管理和业务流程管理的软件。

Novell ZENworks的Rtrlet类中的‘doPost’方法未能充分过滤上传文件的路径，允许远程攻击者可利用漏洞提交任意文件，并执行任意代码。

Severity: 中

Patch Name: Novell ZENworks 'doPost'方法远程代码执行漏洞的补丁

Patch Description:

Novell ZENworks是一套支持在组织内跨资源进行自动化IT管理和业务流程管理的软件。Novell ZENworks的Rtrlet类中的‘doPost’方法未能充分过滤上传文件的路径，允许远程攻击者可利用漏洞提交任意文件，并执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www.novell.com/support/kb/doc.php?id=7016431

Reference: http://www.zerodayinitiative.com/advisories/ZDI-15-151

Impacted products

Name
Novell Zenworks

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0781"
    }
  },
  "description": "Novell ZENworks\u662f\u4e00\u5957\u652f\u6301\u5728\u7ec4\u7ec7\u5185\u8de8\u8d44\u6e90\u8fdb\u884c\u81ea\u52a8\u5316IT\u7ba1\u7406\u548c\u4e1a\u52a1\u6d41\u7a0b\u7ba1\u7406\u7684\u8f6f\u4ef6\u3002\r\n\r\nNovell ZENworks\u7684Rtrlet\u7c7b\u4e2d\u7684\u2018doPost\u2019\u65b9\u6cd5\u672a\u80fd\u5145\u5206\u8fc7\u6ee4\u4e0a\u4f20\u6587\u4ef6\u7684\u8def\u5f84\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u4efb\u610f\u6587\u4ef6\uff0c\u5e76\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.novell.com/support/kb/doc.php?id=7016431",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02833",
  "openTime": "2015-04-30",
  "patchDescription": "Novell ZENworks\u662f\u4e00\u5957\u652f\u6301\u5728\u7ec4\u7ec7\u5185\u8de8\u8d44\u6e90\u8fdb\u884c\u81ea\u52a8\u5316IT\u7ba1\u7406\u548c\u4e1a\u52a1\u6d41\u7a0b\u7ba1\u7406\u7684\u8f6f\u4ef6\u3002Novell ZENworks\u7684Rtrlet\u7c7b\u4e2d\u7684\u2018doPost\u2019\u65b9\u6cd5\u672a\u80fd\u5145\u5206\u8fc7\u6ee4\u4e0a\u4f20\u6587\u4ef6\u7684\u8def\u5f84\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u4efb\u610f\u6587\u4ef6\uff0c\u5e76\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Novell ZENworks \u0027doPost\u0027\u65b9\u6cd5\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Novell Zenworks"
  },
  "referenceLink": "http://www.zerodayinitiative.com/advisories/ZDI-15-151",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-30",
  "title": "Novell ZENworks \u0027doPost\u0027\u65b9\u6cd5\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2015-0781 (GCVE-0-2015-0781)

Vulnerability from cvelistv5

Published

2017-08-09 18:00

Modified

2024-08-06 04:26

Severity ?

CWE

Summary

Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.

References

▼	URL	Tags
	https://www.novell.com/support/kb/doc.php?id=7016431	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/74291	vdb-entry, x_refsource_BID
	http://www.zerodayinitiative.com/advisories/ZDI-15-151	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:26:09.807Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.novell.com/support/kb/doc.php?id=7016431"
          },
          {
            "name": "74291",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74291"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-151"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:16:04",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.novell.com/support/kb/doc.php?id=7016431"
        },
        {
          "name": "74291",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74291"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-151"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2015-0781",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.novell.com/support/kb/doc.php?id=7016431",
              "refsource": "CONFIRM",
              "url": "https://www.novell.com/support/kb/doc.php?id=7016431"
            },
            {
              "name": "74291",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74291"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-151",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-151"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2015-0781",
    "datePublished": "2017-08-09T18:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:26:09.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted