PT-2019-1634 · Openwsman+3

Published: 2019-03-12 · Updated: 2023-02-12 · CVE-2019-3816

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Openwsman versions up to and including 2.6.9

Description

The issue allows a remote, unauthenticated attacker to disclose arbitrary files by sending a specially crafted HTTP request to the openwsman server. The cause is that the working directory of the openwsmand daemon is set to the root directory. The vulnerability can be exploited to reveal protected information.

Recommendations

For installations running Openwsman 2.6.9 or earlier, consider updating to a version later than 2.6.9 to resolve the issue. As a temporary workaround, restrict access to the openwsman server to minimize the risk of exploitation.

Fix

Path traversal

Information Disclosure


Weakness Enumeration

Related Identifiers

AZL-36969
AZL-37151
BDU:2019-01182
CESA-2019_0638
CESA-2019_0972
CVE-2019-3816
OPENSUSE-SU-2019:1111-1
OPENSUSE-SU-2019_1111-1
OPENSUSE-SU-2019_1217-1
OPENSUSE-SU-2024:11130-1
RHSA-2019:0638
RHSA-2019:0972
RHSA-2019_0638
RHSA-2019_0972
SUSE-SU-2019:0654-1
SUSE-SU-2019:0656-1
SUSE-SU-2019:13981-1
SUSE-SU-2019_0654-1
SUSE-SU-2019_0656-1
SUSE-SU-2019_13981-1

Affected Products

CentOS
Openwsman
Red Hat
SUSE