CVE-2021-34805

Опубликовано: 31 янв. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Критический

Описание

An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.

Ссылки

http://packetstormsecurity.com/files/165701/FAUST-iServer-9.0.018.018.4-Local-File-Inclusion.html
Exploit
Third Party Advisory
VDB Entry
http://www.land-software.de/lfs.fau?prj=iweb&dn=faust+iserver
Product
Vendor Advisory
https://sec-consult.com/vulnerability-lab/
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/165701/FAUST-iServer-9.0.018.018.4-Local-File-Inclusion.html
Exploit
Third Party Advisory
VDB Entry
http://www.land-software.de/lfs.fau?prj=iweb&dn=faust+iserver
Product
Vendor Advisory
https://sec-consult.com/vulnerability-lab/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:land-software:faust_iserver:*:*:*:*:*:*:*:*

Версия от 9.0.017.017.1-3 (включая) до 9.0.019.019.7 (исключая)

EPSS

Процентиль: 100%

0.90222

Критический

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-m62x-9qq8-9g5h

github

около 4 лет назад