Signature Detail
Short Name |
HTTP:MISC:MUTINY-5-EDITDOCUMENT |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Mutiny 5 EditDocument Servlet Arbitrary File Upload |
Release Date |
2013/11/14 |
Update Number |
2319 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Mutiny 5 EditDocument Servlet Arbitrary File Upload
This signature detects attempts to exploit a known vulnerability against Mutiny 5. A successful attack can lead to the upload of an arbitrary file.
Extended Description
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
Affected Products
- mutiny 5.0-1.00
- mutiny up to 5.0-1.10
- mutiny mutiny_appliance -
- mutiny mutiny_virtual_appliance -
References
- CVE: CVE-2013-0136