PT-2019-1634 · Openwsman+3

Published: 2019-03-12 · Updated: 2023-02-12 · CVE-2019-3816

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Openwsman versions up to and including 2.6.9

Description

The issue allows a remote, unauthenticated attacker to disclose arbitrary files by sending a specially crafted HTTP request to the openwsman server. This is due to the working directory of the openwsmand daemon being set to the root directory. The vulnerability can be exploited to reveal protected information.

Recommendations

For Openwsman versions up to and including 2.6.9, consider updating to a version later than 2.6.9 to resolve the issue. As a temporary workaround, restrict access to the openwsman server to minimize the risk of exploitation.

Fix

Path traversal

Information Disclosure

Weakness Enumeration

Related identifiers

AZL-36969
AZL-37151
BDU:2019-01182
CESA-2019_0638
CESA-2019_0972
CVE-2019-3816
OPENSUSE-SU-2019:1111-1
OPENSUSE-SU-2019_1111-1
OPENSUSE-SU-2019_1217-1
OPENSUSE-SU-2024:11130-1
RHSA-2019:0638
RHSA-2019:0972
RHSA-2019_0638
RHSA-2019_0972
SUSE-SU-2019:0654-1
SUSE-SU-2019:0656-1
SUSE-SU-2019:13981-1
SUSE-SU-2019_0654-1
SUSE-SU-2019_0656-1
SUSE-SU-2019_13981-1

Affected products

CentOS
Openwsman
Red Hat
SUSE