PT-2015-6035 · Neojapan · Neojapan Desknet Neo

Hiroyuki Yamashita

Published

2015-09-05

Updated

2015-09-11

CVE-2015-2990

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions NEOJAPAN desknet NEO versions 2.0R1.0 through 2.5R1.4

Description A directory traversal issue exists in zhtml.cgi, allowing remote authenticated users to read arbitrary files by providing a crafted parameter.

Recommendations For versions 2.0R1.0 through 2.5R1.4, consider restricting access to the zhtml.cgi script until a fix is available. As a temporary workaround, avoid using crafted parameters that could exploit the directory traversal issue in zhtml.cgi.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2015-2990

Affected Products

Neojapan Desknet Neo

PT-2015-6035 · Neojapan · Neojapan Desknet Neo

CVE-2015-2990

Weakness Enumeration

Related Identifiers

Affected Products

References · 4