E17-0xa41
CVSS: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
False Positive: f
Variants: 1
Year: 2017
Description
This strike exploits a remote code execution vulnerability in the Mako Server application when a default installation, including the tutorials, was performed.
The vulnerability is due to improper sanitization of HTTP PUT requests to the "save.lsp" web page.
By sending a maliciously crafted HTTP request, a remote, unauthenticated attacker could execute arbitrary operating system commands.