Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAndrea Micalizzi (rgod)ZDI-15-439
HistorySep 16, 2015 - 12:00 a.m.

GE MDS PulseNET FileDownloadServlet Directory Traversal Information Disclosure And Deletion Vulnerability

2015-09-1600:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
12

0.613 Medium

EPSS

Percentile

97.8%

JSON

This vulnerability allows remote attackers to read and delete arbitrary files on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileDownloadServlet. By specifying a filename including directory traversal, an attacker can read and then delete an arbitrary file on the system. The read and subsequent deletion will be performed under the context of SYSTEM.

Related

prion 1
cvelist 1
checkpoint_advisories 1
nvd 1
cve 1
ics 1
prion
prion
Path traversal
2015-09-18 22:59:00
cvelist
cvelist
CVE-2015-6459
2015-09-18 22:00:00
checkpoint_advisories
checkpoint_advisories
General Electric MDS PulseNET FileDownloadServlet Directory Traversal (CVE-2015-6459)
2015-10-07 00:00:00
nvd
nvd
CVE-2015-6459
2015-09-18 22:59:07
cve
cve
CVE-2015-6459
2015-09-18 22:59:07
ics
ics
GE MDS PulseNET Vulnerabilities
2018-08-27 12:00:00

0.613 Medium

EPSS

Percentile

97.8%

JSON
Related for ZDI-15-439
prion1cvelist1checkpoint_advisories1nvd1cve1ics1