Lucene search

MitreCVE-2011-0678

HistoryJan 28, 2011 - 9:00 p.m.

CVE-2011-0678

2011-01-2821:00:30

mitre

web.nvd.nist.gov

cve-2011-0678

unrestricted file upload

lomtec activeweb professional 3.0

remote code execution

easyedit module

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.285

Percentile

96.9%

JSON

Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm.

Affected configurations

Nvd

Node

lomtecactivewebMatch3.0professional

VendorProductVersionCPE
lomtecactiveweb3.0cpe:2.3:a:lomtec:activeweb:3.0:*:professional:*:*:*:*:*

Vendor	Product	Version	CPE
lomtec	activeweb	3.0	cpe:2.3:a:lomtec:activeweb:3.0::professional:::::

References

osvdb.org/70669

secunia.com/advisories/43031

www.exploitdevelopment.com/Vulnerabilities/2010-WEB-002.html

www.kb.cert.org/vuls/id/528212

www.securityfocus.com/bid/45985

www.vupen.com/english/advisories/2011/0217

exchange.xforce.ibmcloud.com/vulnerabilities/65013

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.285

Percentile

96.9%

JSON

Related for CVE-2011-0678