PT-2001-1536 · Bajie · Bajie Http Jserver

Publicado

2001-04-04

Atualizado

2008-09-05

CVE-2001-0308

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Bajie HTTP JServer versions 0.78 and possibly other versions before 0.80

Description The issue allows remote attackers to execute arbitrary commands by calling the UploadServlet to upload a program, then using a modified approach to access the file created for the program.

Recommendations For versions 0.78 and possibly other versions before 0.80, consider disabling the UploadServlet until a patch is available to prevent remote attackers from executing arbitrary commands.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2001-0308

Produtos afetados

Bajie Http Jserver

PT-2001-1536 · Bajie · Bajie Http Jserver

CVE-2001-0308

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5