Enhancement: cves/2021/CVE-2021-35250.yaml by md
parent
df7db6e8ac
commit
cb1488688a
|
@ -5,18 +5,19 @@ info:
|
|||
author: johnk3r,pdteam
|
||||
severity: high
|
||||
description: |
|
||||
A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.
|
||||
SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
reference:
|
||||
- https://github.com/rissor41/SolarWinds-CVE-2021-35250
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-35250
|
||||
- https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-3-HotFix-1?language=en_US
|
||||
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35250
|
||||
- https://twitter.com/shaybt12/status/1646966578695622662?s=43&t=5HOgSFut7Y75N7CBHEikSg
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-35250
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2021-35250
|
||||
cwe-id: CWE-22
|
||||
remediation: Resolved in Serv-U 15.3 Hotfix 1.
|
||||
metadata:
|
||||
shodan-query: product:"Rhinosoft Serv-U httpd"
|
||||
tags: cve,cve2021,solarwinds,traversal
|
||||
|
@ -40,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 401
|
||||
|
||||
# Enhanced by md on 2023/04/20
|
||||
|
|
Loading…
Reference in New Issue