CVE-2016-10367

2017-05-03T10:59:00
ID CVE-2016-10367
Type cve
Reporter cve@mitre.org
Modified 2017-05-17T16:38:00

Description

In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /.