ID |
CVE-2017-9538
|
Sažetak |
The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism. |
Reference |
|
CVSS |
Base: | 4.0 |
Impact: | 2.9 |
Exploitability: | 8.0 |
|
Pristup |
Vektor | Složenost | Autentikacija |
NETWORK |
LOW |
SINGLE |
|
Impact |
Povjerljivost | Cjelovitost | Dostupnost |
NONE |
NONE |
PARTIAL |
|
CVSS vektor |
AV:N/AC:L/Au:S/C:N/I:N/A:P |
Zadnje važnije ažuriranje |
09-10-2018 - 20:01 |
Objavljeno |
03-10-2017 - 01:29 |