Path traversal in hiawatha - CVE-2019-8358

 


Published: February 14, 2019 / Updated: February 18, 2019


Vulnerability identifier: #VU17695
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-8358
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Hiawatha
Affected software:
hiawatha

Detailed vulnerability description

The vulnerability allows a remote attacker to conduct a directory traversal attack.

The weakness exists due to path traversal when AllowDotFiles is enabled. A remote attacker can conduct a directory traversal attack and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

How to mitigate CVE-2019-8358

Update to version 10.8.4.
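
An added example, not part of the advisory or the Hiawatha project: a Python check that flags a host as exposed when its version is below the fixed release and a configuration section sets AllowDotFiles = yes. Treating every version below 10.8.4 as affected, case-insensitive directive names, non-nested `Name { ... }` sections, an absent directive meaning disabled, and the sample configuration are assumptions.

```python
import re

FIXED = (10, 8, 4)  # fixed release named in the advisory

# Constructed sample configuration (not from a real host).
SAMPLE_CONF = """\
VirtualHost {
    Hostname = files.example.test
    AllowDotFiles = yes
}
VirtualHost {
    Hostname = www.example.test
}
"""

def parse_version(text):
    """Extract (major, minor, patch) from a string such as '10.8.3'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def parse_sections(conf):
    """Return [(section_name, {directive: value})]; top level is '(global)'.
    Assumes sections are not nested and directive names are case-insensitive."""
    sections = [("(global)", {})]
    current = sections[0][1]
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            current = {}
            sections.append((line[:-1].strip(), current))
        elif line == "}":
            current = sections[0][1]
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key.lower()] = value  # last assignment wins
    return sections

def audit(version_text, conf):
    """Exposed = version below the fixed release AND AllowDotFiles enabled."""
    enabled = [f"{name} {s.get('hostname', '')}".strip()
               for name, s in parse_sections(conf)
               if s.get("allowdotfiles", "no").lower() == "yes"]
    below = parse_version(version_text) < FIXED
    return {"below_fixed": below, "dotfile_sections": enabled,
            "exposed": below and bool(enabled)}
```

Calling `audit("10.8.3", SAMPLE_CONF)` reports the `files.example.test` virtual host; the same configuration on 10.8.4 is not flagged.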

Sources