HTTP: Novell ZENworks Configuration Management UploadServlet CVE-2015-0779 Directory Traversal
This signature detects attempts to exploit a known vulnerability againstNovell ZENworks Configuration Management. A successful attack can lead to Directory Traversal.
Extended Description
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
Affected Products
Novell zenworks_configuration_management
Short Name
HTTP:DIR:ZEN-CVE-2015-0779
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2015-0779 Configuration Directory Management Novell Traversal UploadServlet ZENworks
Release Date
02/06/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Novell
CVSS Score
10.0