CVE-2013-0136

01.06.2013, 14:21

Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.

Path Traversal

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	8.5 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:S/C:C/I:C/A:C
certcc	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Vendor	Product	Version
mutiny	mutiny	𝑥 ≤ 5.0-1.10
mutiny	mutiny	5.0-1.00
mutiny	mutiny_virtual_appliance	-
mutiny	mutiny_appliance	-

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://www.kb.cert.org/vuls/id/701572

https://community.rapid7.com/community/metasploit/blog/2013/05/15/new-1day-exploits-mutiny-vulnerabilities

http://www.kb.cert.org/vuls/id/701572

https://community.rapid7.com/community/metasploit/blog/2013/05/15/new-1day-exploits-mutiny-vulnerabilities