PT-2017-16369 · Micro Focus · Open Enterprise Server

Published: 2017-01-23 · Updated: 2020-02-24 · CVE-2017-5182

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Open Enterprise Server (OES) versions prior to OES2015 SP1 Maintenance Update 11080
Open Enterprise Server (OES) versions prior to OES2015 Maintenance Update 11079
Open Enterprise Server (OES) versions prior to OES11 SP3 Maintenance Update 11078
Open Enterprise Server (OES) versions prior to OES11 SP2 Maintenance Update 11077

Description

The issue allows unauthenticated remote attackers to read arbitrary files via a specially crafted URL, resulting in complete directory traversal and total information disclosure.

Recommendations

For OES2015 SP1, apply Maintenance Update 11080 to resolve the issue.
For OES2015, apply Maintenance Update 11079 to resolve the issue.
For OES11 SP3, apply Maintenance Update 11078 to resolve the issue.
For OES11 SP2, apply Maintenance Update 11077 to resolve the issue.

Fix

Information Disclosure

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2017-5182

Affected Products

Open Enterprise Server