Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-9097

Опубликовано: 16 июн. 2017
Источник: nvd
CVSS3: 9.1
CVSS2: 6.4
EPSS Низкий

Описание

In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hoytech:antiweb:*:*:*:*:*:*:*:*
Версия до 3.8.7 (включая)
cpe:2.3:a:hoytech:antiweb:3.0.7:hms2:*:*:*:*:*:*
cpe:2.3:a:hoytech:antiweb:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:hoytech:antiweb:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:hoytech:antiweb:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:hoytech:antiweb:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:hoytech:antiweb:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:hoytech:antiweb:3.8.2:*:*:*:*:*:*:*
cpe:2.3:a:hoytech:antiweb:3.8.3:*:*:*:*:*:*:*
cpe:2.3:a:hoytech:antiweb:3.8.4:*:*:*:*:*:*:*
cpe:2.3:a:hoytech:antiweb:3.8.5:*:*:*:*:*:*:*

EPSS

Процентиль: 93%
0.09535
Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

github логотип

GHSA-jpg2-xrjx-58x8

CVSS3: 9.1
github
больше 3 лет назад

In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file.

EPSS

Процентиль: 93%
0.09535
Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22