CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-5869

HIGH
8.8
CVSS Severity Score
EPSS Score0.0330%
EPSS Percentile13.15th
Published2017年3月24日
Last Modified2026年5月13日

Vulnerability Description

Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.

Affected Platforms (CPE)

📦
Nuxeo

Nuxeo

= 6.0
📦
Nuxeo

Nuxeo

= 7.1
📦
Nuxeo

Nuxeo

= 7.2
📦
Nuxeo

Nuxeo

= 7.3

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2017/03/23/6
🔗 http://www.securityfocus.com/bid/97083
🔗 https://sysdream.com/news/lab/2017-03-23-cve-2017-5869-nuxeo-platform-remote-code-execution/
🔗 https://www.exploit-db.com/exploits/41748/
🔗 http://www.openwall.com/lists/oss-security/2017/03/23/6
🔗 http://www.securityfocus.com/bid/97083
🔗 https://sysdream.com/news/lab/2017-03-23-cve-2017-5869-nuxeo-platform-remote-code-execution/
🔗 https://www.exploit-db.com/exploits/41748/

関連する脆弱性情報

CVE-2013-45219.8

RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deseri...

CVE-2021-328285.4

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the `oau...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...