Vulnerability Description
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| New Atlanta | BlueDragon | <= 7.1.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/131504/BlueDragon-CFChart-Servlet-7.1.1.177 (Exploit, Third Party Advisory)
- http://seclists.org/fulldisclosure/2015/Apr/49 (Third Party Advisory)
- http://www.osvdb.org/119527 (Broken Link)
- https://www.exploit-db.com/exploits/36815/ (Exploit)
- https://www.portcullis-security.com/security-research-and-downloads/security-adv (Exploit)
FAQ
What is CVE-2014-5370?
CVE-2014-5370 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitr...
How severe is CVE-2014-5370?
CVE-2014-5370 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5370?
Check the references section above for vendor advisories and patch information. Affected products include: New Atlanta BlueDragon.