CVE-2013-2068

Name of the Vulnerable Software and Affected Versions Red Hat CloudForms Management Engine version 2.0

Description The issue concerns multiple directory traversal vulnerabilities in the AgentController. Remote attackers can exploit this to create and overwrite arbitrary files by including a .. (dot dot) in the filename parameter to specific methods. The affected methods include the log, upload, and linuxpkgs methods.

Recommendations For Red Hat CloudForms Management Engine version 2.0, consider restricting access to the AgentController to minimize the risk of exploitation. As a temporary workaround, avoid using the filename parameter in the affected methods until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.