PT-2017-9394 · Attachecase · Attachecase Pro+2

Kazuki Furukawa

·

Publicado

2017-04-28

·

Atualizado

2017-05-10

·

CVE-2016-7843

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions AttacheCase for Java versions 0.60 and earlier AttacheCase Lite versions 1.4.6 and earlier AttacheCase Pro versions 1.5.7 and earlier
Description The issue allows remote attackers to read arbitrary files via specially crafted ATC files, due to a directory traversal vulnerability.
Recommendations For AttacheCase for Java versions 0.60 and earlier, update to a version later than 0.60. For AttacheCase Lite versions 1.4.6 and earlier, update to a version later than 1.4.6. For AttacheCase Pro versions 1.5.7 and earlier, update to a version later than 1.5.7.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2016-7843

Produtos afetados

Attachecase Lite
Attachecase Pro
Attachecase For Java