Directory Traversal Vulnerability in Novell ZENworks Configuration Management
CVE-2010-5324

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks Configuration Management
Vendor: CVE Published:; 7 June 2015

What is CVE-2010-5324?

The directory traversal vulnerability in the UploadServlet of Novell ZENworks Configuration Management (ZCM) 10 allows remote attackers to execute arbitrary code. By sending a specifically crafted zenworks-fileupload request containing an altered directory name within the type parameter, along with a malicious WAR filename in the filename parameter and corresponding content in the POST data, attackers can exploit this flaw. This is distinct from previous vulnerabilities and emphasizes the importance of patching affected versions.

References

https://www.novell.com/support/kb/doc.php?id=7005573

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-10-078/

x_refsource_MISC

http://tucanalamigo.blogspot.com/2010/04/pdc-de-zdi-10-07...

x_refsource_MISC

EPSS Score

75% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2015
Vulnerability Reserved
Jun 7, 2015