Lucene search
SAINT CorporationSAINT:F800208A06188FEB1F15CF095CD49C8BHistoryJul 16, 2015 - 12:00 a.m.
Accellion FTA getStatus command injection
2015-07-1600:00:00
SAINT Corporation
download.saintcorporation.com
18
0.957 High
EPSS
Percentile
99.4%
Added: 07/16/2015
CVE: CVE-2015-2857
Background
The Accellion File Transfer Appliance is a solution for secure file sharing.
Problem
A command injection vulnerability allows remote attackers to execute arbitrary commands contained in the **oauth_token** parameter to the **getStatus** action.
Resolution
Apply software update FTA_9_11_210.
References
<https://www.exploit-db.com/exploits/37597/>
Limitations
Exploit works on software version FTA_9_11_200.
Platforms
Linux
Related
cve
cve
CVE-2015-2857
2017-08-22 15:29:00
saint
saint
Accellion FTA getStatus command injection
2015-07-16 00:00:00
Accellion FTA getStatus command injection
2015-07-16 00:00:00
Accellion FTA getStatus command injection
2015-07-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Accellion FTA getStatus verify_oauth_token Command Execution (CVE-2015-2857)
2016-09-25 00:00:00
prion
prion
Authentication flaw
2017-08-22 15:29:00
openvas
openvas
Accellion FTA RCE Vulnerability
2015-08-05 00:00:00
packetstorm
packetstorm
Accellion FTA getStatus verify_oauth_token Command Execution
2015-07-13 00:00:00
nvd
nvd
CVE-2015-2857
2017-08-22 15:29:00
cvelist
cvelist
CVE-2015-2857
2017-08-22 15:00:00
zdt
zdt
nessus
nessus
metasploit
metasploit
Accellion FTA 'statecode' Cookie Arbitrary File Read
2015-07-08 18:42:11