Vulnerability Key Information

Title
NetGain Systems Enterprise Manager designer.script_005fsamples_jsp Type Directory Traversal Information Disclosure Vulnerability

Identifiers
ZDI ID: ZDI-17-961
CAN ID: ZDI-CAN-5119
CVE ID: CVE-2017-16596

Risk Score
CVSS Score: 7.8

Affected Vendor and Product
Affected Vendor: NetGain Systems
Affected Product: Enterprise Manager

Protection Information
Trend Micro Customer Protection: TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 29801.

Vulnerability Details
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

The specific flaw exists within the org.apache.jsp.u.jsp.designer.script_005fsamples_jsp servlet, which listens on TCP port 8081. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator.

Fix Details
Fixed version: v7.2.766 and above

Disclosure Timeline
2017-09-06 - Vulnerability reported to vendor
2017-12-13 - Coordinated public release of advisory

Credit
rgod
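
The details above describe a type parameter that reaches file operations without path validation. The following Java class is an added example, not NetGain's code and not the fix shipped in v7.2.766; it shows the containment check that description calls for. The class name SampleTypeResolver, the base directory and the sample file are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class SampleTypeResolver {
    // Hypothetical base directory: the advisory does not say where the servlet reads from.
    private final Path baseDir;

    public SampleTypeResolver(Path baseDir) throws IOException {
        this.baseDir = baseDir.toRealPath(); // canonical form, symlinks resolved
    }

    /** Maps a user-supplied "type" value to a regular file under baseDir, or throws. */
    public Path resolve(String type) throws IOException {
        if (type == null || type.isEmpty() || type.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed type");
        }
        Path candidate;
        try {
            // An absolute "type" replaces baseDir here, so the prefix check below rejects it.
            candidate = baseDir.resolve(type).normalize();
        } catch (InvalidPathException e) {
            throw new SecurityException("type is not a valid path");
        }
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("type escapes the base directory");
        }
        // Resolve symlinks and check again: a link inside baseDir may point outside it.
        Path real = candidate.toRealPath(); // throws NoSuchFileException if missing
        if (!real.startsWith(baseDir) || !Files.isRegularFile(real)) {
            throw new SecurityException("type does not name a file in the base directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary directory holding one permitted file.
        Path base = Files.createTempDirectory("samples");
        Files.write(base.resolve("linux"), "echo ok\n".getBytes());
        SampleTypeResolver resolver = new SampleTypeResolver(base);
        System.out.println("accepted: " + resolver.resolve("linux"));
        String[] rejected = {"../outside", "sub/../../outside", base.getParent().toString()};
        for (String value : rejected) {
            try {
                System.out.println("accepted: " + resolver.resolve(value));
            } catch (SecurityException | IOException e) {
                System.out.println("rejected: " + value);
            }
        }
    }
}
```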