PT-2019-12136 · Wmspanel · Nimble Streamer

Publicado

2019-08-22

Atualizado

2019-08-27

CVE-2019-11013

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nimble Streamer versions 3.0.2-2 through 3.5.4-9

Description The issue allows an attacker to traverse the file system and access files or directories outside of the restricted directory on the remote server through a ../ directory traversal vulnerability.

Recommendations For versions 3.0.2-2 through 3.5.4-9, consider restricting access to sensitive files and directories until a patch is available. As a temporary workaround, limit the ability of the Nimble Streamer to access files outside of its intended directory.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2019-11013

Produtos afetados

Nimble Streamer

PT-2019-12136 · Wmspanel · Nimble Streamer

CVE-2019-11013

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5