Vulnerability CVE-2016-5765


Published: 2016-11-29

Description:
Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software
Microfocus -> Host access management and security server 
Microfocus -> Reflection for the web 
Microfocus -> Reflection security gateway 
Microfocus -> Reflection zfe 

References:
http://support.attachmate.com/techdocs/1704.html
http://www.securityfocus.com/bid/94579
http://www.zerodayinitiative.com/advisories/ZDI-16-618

Copyright 2021, cxsecurity.com
