PT-2017-9394 · Attachecase · Attachecase Pro+2

Kazuki Furukawa

Published

2017-04-28

Updated

2017-05-10

CVE-2016-7843

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions AttacheCase for Java versions 0.60 and earlier AttacheCase Lite versions 1.4.6 and earlier AttacheCase Pro versions 1.5.7 and earlier

Description The issue allows remote attackers to read arbitrary files via specially crafted ATC files, due to a directory traversal vulnerability.

Recommendations For AttacheCase for Java versions 0.60 and earlier, update to a version later than 0.60. For AttacheCase Lite versions 1.4.6 and earlier, update to a version later than 1.4.6. For AttacheCase Pro versions 1.5.7 and earlier, update to a version later than 1.5.7.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2016-7843

Affected Products

Attachecase Lite

Attachecase Pro

Attachecase For Java

PT-2017-9394 · Attachecase · Attachecase Pro+2

CVE-2016-7843

Weakness Enumeration

Related Identifiers

Affected Products

References · 5