Vulnerability Description
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ipswitch | MOVEit DMZ | <= 8.1 |
Related Weaknesses (CWE)
References
- http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf (Vendor Advisory)
- http://packetstormsecurity.com/files/135459/Ipswitch-MOVEit-DMZ-8.1-File-ID-Enum
- http://seclists.org/fulldisclosure/2016/Jan/95
- https://www.profundis-labs.com/advisories/CVE-2015-7677.txt
FAQ
What is CVE-2015-7677?
CVE-2015-7677 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X...
How severe is CVE-2015-7677?
CVE-2015-7677 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-7677?
Check the references section above for vendor advisories and patch information. Affected products include: Ipswitch MOVEit DMZ.