exploitDog

CVE-2015-1002

Опубликовано: 25 окт. 2015

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string.

Комментарий

CWE-177: Improper Handling of URL Encoding (Hex Encoding)

Ссылки

https://ics-cert.us-cert.gov/advisories/ICSA-15-293-02
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-293-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ininet_solutions:scada_web_server:-:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.005

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-vfjv-4w2c-9qjf

github

больше 3 лет назад

IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string.

EPSS

Процентиль: 65%

0.005

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other