GE MDS PulseNET FileDownloadServlet Directory Traversal Information Disclosure And Deletion Vulnerability

2015-09-16T00:00:00
ID ZDI-15-439
Type zdi
Reporter Andrea Micalizzi (rgod)
Modified 2015-11-09T00:00:00

Description

This vulnerability allows remote attackers to read and delete arbitrary files on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the FileDownloadServlet. By specifying a filename including directory traversal, an attacker can read and then delete an arbitrary file on the system. The read and subsequent deletion will be performed under the context of SYSTEM.