Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:10570
Category:Web application abuses
Title:Unify eWave ServletExec 3.0C file upload
Summary:ServletExec has a servlet called 'UploadServlet' in its server; side classes. UploadServlet, when invocable, allows an attacker to upload any file to any directory; on the server. The uploaded file may have code that can later be executed on the server,; leading to remote command execution.
Description:Summary:
ServletExec has a servlet called 'UploadServlet' in its server
side classes. UploadServlet, when invocable, allows an attacker to upload any file to any directory
on the server. The uploaded file may have code that can later be executed on the server,
leading to remote command execution.

Solution:
No known solution was made available for at least one year since
the disclosure of this vulnerability. Likely none will be provided anymore. General solution options
are to upgrade to a newer release, disable respective features, remove the product or replace the
product by another one.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 1876
Common Vulnerability Exposure (CVE) ID: CVE-2000-1024
http://www.securityfocus.com/bid/1876
Bugtraq: 20001101 Unify eWave ServletExec upload (Google Search)
http://marc.info/?l=bugtraq&m=97306581513537&w=2
XForce ISS Database: ewave-servletexec-file-upload(5450)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5450
CopyrightCopyright (C) 2000 Matt Moore

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.