CyberSec.Space Logo
返回 CVE 浏览器

CVE-2013-1080

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1840%
EPSS Percentile2.34th
Published2013年3月29日
Last Modified2026年4月29日

Vulnerability Description

The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.

Affected Platforms (CPE)

📦
Novell

Zenworks Configuration Management

= 10.3
📦
Novell

Zenworks Configuration Management

= 11.2

References & Advisories

🔗 http://www.exploit-db.com/exploits/24938
🔗 http://www.novell.com/support/kb/doc.php?id=7011812
🔗 http://www.novell.com/support/kb/doc.php?id=7012027
🔗 http://www.zerodayinitiative.com/advisories/ZDI-13-049/
🔗 http://www.exploit-db.com/exploits/24938
🔗 http://www.novell.com/support/kb/doc.php?id=7011812
🔗 http://www.novell.com/support/kb/doc.php?id=7012027
🔗 http://www.zerodayinitiative.com/advisories/ZDI-13-049/

相关漏洞威胁

CVE-2010-532310.0

Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management ...

CVE-2010-532410.0

Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management ...

CVE-2010-422910.0

Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novel...

CVE-2011-317510.0

Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote ...