Test ID: | 1.3.6.1.4.1.25623.1.0.105955 |
Category: | Web application abuses |
Title: | hybris Commerce Directory Traversal Vulnerability (Feb 2015) - Active Check |
Summary: | hybris Commerce Software Suite is prone to a directory traversal vulnerability. |
Description: | Summary: hybris Commerce Software Suite is prone to a directory traversal vulnerability.
Vulnerability Insight: Webshops based on hybris may use a file retrieval system in which files are identified by a URL parameter named 'context' rather than by a file name. The context is base64 encoded and contains, among other parameters, the file name. This file name is vulnerable to directory traversal.
Vulnerability Impact: An unauthenticated attacker can retrieve arbitrary files, which might contain sensitive data that can be used for further attacks.
Affected Software/OS: hybris Commerce Software Suite versions 5.0.0, 5.0.3, 5.0.4, 5.1, 5.1.1, 5.2 and 5.3.
Solution: Update to version 5.0.0.4, 5.0.3.4, 5.0.4.5, 5.1.0.2, 5.1.1.3, 5.2.0.4, 5.3.0.2 or later.
CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-8871
BugTraq ID: 72681
http://www.securityfocus.com/bid/72681
Bugtraq: 20150218 [RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite
http://www.securityfocus.com/archive/1/534722/100/1600/threaded
http://seclists.org/fulldisclosure/2015/Feb/63
http://packetstormsecurity.com/files/130444/Hybris-Commerce-Software-Suite-5.x-File-Disclosure-Traversal.html |
Copyright | Copyright (C) 2015 Greenbone AG |