Vulnerability CVE-2014-3088
Published: 2014-07-01   Modified: 2014-07-02

Description:
stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as demonstrated by replacing a text/plain .txt upload with an application/octet-stream .exe upload.

See advisories in our WLB2 database:
Topic
Author
Date
High
IBM Sametime Meet Server 8.5 Arbitrary File Upload
Adriano Marcio M...
12.08.2014

Type:

CWE-264

 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.5/10
4.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
IBM -> Sametime meeting server 

 References:
http://linux.oracle.com/errata/ELSA-2014-0747.html
http://packetstormsecurity.com/files/127294
http://packetstormsecurity.com/files/127829/IBM-Sametime-Meet-Server-8.5-Arbitrary-File-Upload.html
http://www.securityfocus.com/bid/68291
Copyright 2024, cxsecurity.com

 

Back to Top