Описание
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:sterling_secure_proxy:6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:6.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:6.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:6.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:6.1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00086
Низкий
7.5 High
CVSS3
Дефекты
CWE-32
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
около 1 года назад
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system.
EPSS
Процентиль: 25%
0.00086
Низкий
7.5 High
CVSS3
Дефекты
CWE-32
CWE-22