Vulnerability Description
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mutiny | Mutiny | <= 5.0-1.10 |
| Mutiny | Mutiny Virtual Appliance | - |
| Mutiny | Mutiny Appliance | - |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/701572US Government Resource
- https://community.rapid7.com/community/metasploit/blog/2013/05/15/new-1day-exploExploit
- http://www.kb.cert.org/vuls/id/701572US Government Resource
- https://community.rapid7.com/community/metasploit/blog/2013/05/15/new-1day-exploExploit
FAQ
What is CVE-2013-0136?
CVE-2013-0136 is a vulnerability with a CVSS score of 8.5 (HIGH). Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbit...
How severe is CVE-2013-0136?
CVE-2013-0136 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0136?
Check the references section above for vendor advisories and patch information. Affected products include: Mutiny Mutiny, Mutiny Mutiny Virtual Appliance, Mutiny Mutiny Appliance.