Vulnerability Description
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Cloudforms Management Engine | 5.1 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2013-1206.htmlVendor Advisory
- http://www.exploit-db.com/exploits/30469
- https://bugzilla.redhat.com/show_bug.cgi?id=960422
- http://rhn.redhat.com/errata/RHSA-2013-1206.htmlVendor Advisory
- http://www.exploit-db.com/exploits/30469
- https://bugzilla.redhat.com/show_bug.cgi?id=960422
FAQ
What is CVE-2013-2068?
CVE-2013-2068 is a vulnerability with a CVSS score of 9.4 (HIGH). Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the...
How severe is CVE-2013-2068?
CVE-2013-2068 has been rated HIGH with a CVSS base score of 9.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2068?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Cloudforms Management Engine.