E15-3ln01
CVSS:
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
False Positive:
f
Variants:
20
Year:
2015
Description
This strike exploits a directory traversal vulnerability in Novell ZenWorks Configuration Management.
The vulnerability is due to improper handling of the uid parameter in UploadServlet.
By exploiting this vulnerability, an unauthenticated attacker can upload files in arbitrary locations on the server and execute them.
NOTE: By default the vulnerable services are accessed via SSL connection (port 443)