HTTP: Mutiny 5 EditDocument Servlet Arbitrary File Upload
This signature detects attempts to exploit a known vulnerability against Mutiny 5. A successful attack can lead to the upload of an arbitrary file.
Extended Description
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
Affected Products
Mutiny mutiny_virtual_appliance
References
CVE: CVE-2013-0136
Short Name
HTTP:MISC:MUTINY-5-EDITDOCUMENT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
5 Arbitrary CVE-2013-0136 EditDocument File Mutiny Servlet Upload
Release Date
11/14/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Mutiny
CVSS Score
8.5