PT-2008-2279 · Emc · Emc Documentum Administrator+1

Pablo Gaston Milano

Publicado

2008-02-07

Atualizado

2018-10-15

CVE-2008-0656

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EMC Documentum Administrator version 5.3.0.313 EMC Documentum Webtop version 5.3.0.317

Description The issue allows remote attackers to overwrite arbitrary files via the filename attribute in the dmclTrace.jsp file. This can be exploited by uploading files with malicious intent.

Recommendations For EMC Documentum Administrator version 5.3.0.313, restrict access to the dmclTrace.jsp file to prevent unauthorized file uploads. For EMC Documentum Webtop version 5.3.0.317, restrict access to the dmclTrace.jsp file to prevent unauthorized file uploads. As a temporary workaround, consider disabling the file upload functionality in the dmclTrace.jsp file until a patch is available.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2008-0656

Produtos afetados

Emc Documentum Administrator

Emc Documentum Webtop

PT-2008-2279 · Emc · Emc Documentum Administrator+1

CVE-2008-0656

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9