#VU39478 Path traversal in dnaLIMS - CVE-2017-6527


Published: March 9, 2017 / Updated: August 9, 2020


Vulnerability identifier: #VU39478
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2017-6527
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: dnaLIMS
Software vendor: dnaTools, Inc.

Description

The vulnerability allows a remote unauthenticated attacker to gain access to sensitive information.

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
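A defender can look for this pattern in web server access logs. The following is an added example, not code from the advisory or the vendor: it flags requests to viewAppletFsa.cgi whose seqID value, after repeated percent-decoding, contains a NUL byte or a `..` path segment. The combined-log line format, the `/cgi-bin/` prefix, the addresses and the seqID values in the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

SCRIPT, PARAM = "viewAppletFsa.cgi", "seqID"  # the only names taken from the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_reasons(log_line):
    """Return sorted reasons why a request to the CGI looks like traversal."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/" + SCRIPT):
        return []
    reasons = set()
    # parse_qs decodes one layer; fully_decode strips any further layers.
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)
        if "\x00" in value:
            reasons.add("NUL byte")
        if ".." in re.split(r"[/\\]", value):
            reasons.add("dot-dot segment")
    return sorted(reasons)

def scan(lines):
    """Map line index -> reasons for every flagged line."""
    flagged = {}
    for index, line in enumerate(lines):
        reasons = suspicious_reasons(line)
        if reasons:
            flagged[index] = reasons
    return flagged

# Constructed sample lines (hypothetical addresses, URL prefix and seqID values).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Mar/2017:10:01:02 +0000] "GET /cgi-bin/viewAppletFsa.cgi?seqID=12345 HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Mar/2017:10:01:05 +0000] "GET /cgi-bin/viewAppletFsa.cgi?seqID=..%2f..%2f..%2fetc%2fhostname%00 HTTP/1.1" 200 40',
    '203.0.113.9 - - [09/Mar/2017:10:01:09 +0000] "GET /cgi-bin/viewAppletFsa.cgi?seqID=%252e%252e%252fdata%2500 HTTP/1.1" 200 40',
    '198.51.100.4 - - [09/Mar/2017:10:02:00 +0000] "GET /index.html?seqID=..%2f HTTP/1.1" 200 1024',
]
```

Calling `scan(SAMPLE_LOG)` flags the second and third lines; the third is caught only because the value is decoded more than once.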


Remediation

Install the update from the vendor's website.
