HTTP: ManageEngine EventLog Analyzer agentUpload Directory Traversal
This signature detects directory traversal attempts on ManageEngine EventLog. Successful attack attempts could allow an attacker to view or overwrite sensitive system files.
Extended Description
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
Affected Products
Zohocorp manageengine_eventlog_analyzer
References
BugTraq: 69482
CVE: CVE-2014-6037
URL: https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt http://seclists.org/fulldisclosure/2014/Aug/86
Short Name
HTTP:MISC:MANAGENGINE-EVNTLG-CE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Analyzer CVE-2014-6037 Directory EventLog ManageEngine Traversal agentUpload bid:69482
Release Date
10/06/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Zohocorp
CVSS Score
7.5