Lucene search
RootSSV:20463HistoryApr 13, 2011 - 12:00 a.m.
Novell ZENworks Configuration Management ZAM文件远程代码执行漏洞
2011-04-1300:00:00
Root
www.seebug.org
10
0.903 High
EPSS
Percentile
98.5%
Bugtraq ID: 47295
CVE ID:CVE-2010-4229
Novell ZENworks Configuration Management是一款帮助客户降低IT拥有成本的桌面管理软件。
Novell Zenworks distribution中用于上传文件的servlet存在缺陷。当处理文件路径名时,servlet没有正确检查文件名,攻击者构建包含目录遍历字符的文件名,当servet下载提供的文件时,会把文件存储到用户指定的位置,导致以服务进程上下文执行任意代码。
Novell ZENworks Configuration Management 10.1.2 a
Novell ZENworks Configuration Management 10.1.2
Novell ZENworks Configuration Management 10.3.1
Novell ZENworks Configuration Management 10.3
Novell ZENworks Configuration Management 10.1
厂商解决方案
用户可参考如下供应商提供的安全公告获得补丁信息:
http://www.novell.com/support/viewContent.do?externalId=7007841
Related
securityvulns
securityvulns
saint
saint
Novell ZENworks Asset Management File Upload Traversal
2011-05-27 00:00:00
Novell ZENworks Asset Management File Upload Traversal
2011-05-27 00:00:00
Novell ZENworks Asset Management File Upload Traversal
2011-05-27 00:00:00
cve
cve
CVE-2010-4229
2011-04-18 18:55:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Directory traversal
2011-04-18 18:55:00
zdi
zdi