CVE-2016-6517

Опубликовано: 23 янв. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.

Ссылки

http://www.openwall.com/lists/oss-security/2016/08/01/5
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/08/02/1
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/92215
http://www.openwall.com/lists/oss-security/2016/08/01/5
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/08/02/1
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/92215

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:liferay:liferay:5.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01282

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-3jfc-fh8w-4r9g