PT-2017-16361 · Apache+1 · Activemq Broker+1
Published
2017-02-13
·
Updated
2021-09-13
·
CVE-2017-5168
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hanwha Techwin Smart Security Manager versions 1.5 and prior
Hanwha Techwin Smart Security Manager versions 1.4 and prior to 1.31
Description
An issue was discovered in the ActiveMQ Broker service. Multiple Path Traversal vulnerabilities exist, allowing an attacker to gain access to arbitrary files on the server by issuing specific HTTP requests. If a user visits a malicious page, these vulnerabilities can allow for remote code execution.
Recommendations
For Hanwha Techwin Smart Security Manager versions 1.5 and prior, update to a version later than 1.5 to resolve the issue.
For Hanwha Techwin Smart Security Manager versions 1.4 and prior to 1.31, update to a version later than 1.31 to resolve the issue.
As a temporary workaround, consider restricting access to the ActiveMQ Broker service until a patch is available.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Activemq Broker
Hanwha Techwin Smart Security Manager