Directory Traversal Vulnerability in Novell ZENworks Configuration Management
CVE-2015-0779

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks Configuration Management
Vendor: CVE Published:; 7 June 2015

What is CVE-2015-0779?

A directory traversal vulnerability exists in the UploadServlet component of Novell ZENworks Configuration Management, specifically in versions 10 and 11 prior to 11.3.2. This flaw enables remote attackers to craft malicious directory names through the uid parameter, which can be exploited in conjunction with a WAR filename and corresponding content in the filename and POST data respectively, allowing the execution of arbitrary code on the server. This vulnerability is distinct from others such as CVE-2010-5323 and CVE-2010-5324, highlighting the need for targeted security mitigations.

References

https://github.com/rapid7/metasploit-framework/pull/5096

x_refsource_MISC

https://www.exploit-db.com/exploits/36964/

exploitx_refsource_EXPLOIT-DB

https://www.novell.com/support/kb/doc.php?id=7016419

x_refsource_CONFIRM

EPSS Score

81% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2015
Vulnerability Reserved
Jan 7, 2015