HTTP: Lexmark Markvision LibraryFileUploadServlet Directory Traversal

This signature detects attempts to exploit a known vulnerability against Lexmark Markvision Enterprise . A successful attack can result in directory traversal attacks.

Extended Description

Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.

Affected Products

Lexmark markvision_enterprise

References

CVE: CVE-2014-9375

Short Name
HTTP:LEXMARK-LIB-FILE-DIR-TRAV
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2014-9375 Directory Lexmark LibraryFileUploadServlet Markvision Traversal
Release Date
05/04/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Lexmark

CVSS Score

9.0

Found a potential security threat?