PT-2000-1934 · Ewave · Ewave Servletexec

Publicado

2000-12-11

Atualizado

2017-10-10

CVE-2000-1024

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions eWave ServletExec versions 3.0C and earlier

Description The issue allows remote attackers to upload files and execute arbitrary commands due to a lack of access restriction to the UploadServlet Java/JSP servlet.

Recommendations For versions 3.0C and earlier, restrict access to the UploadServlet Java/JSP servlet to prevent remote file uploads and arbitrary command execution.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2000-1024

Produtos afetados

Ewave Servletexec

PT-2000-1934 · Ewave · Ewave Servletexec

CVE-2000-1024

Identificadores relacionados

Produtos afetados

Referências · 4