Vulnerability Description
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Civetweb Project | Civetweb | >= 1.8, < 1.15 |
| Siemens | Sinec Infrastructure Network Services | < 1.0.1.1 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatchThird Party Advisory
- https://groups.google.com/g/civetweb/c/yPBxNXdGgJQMailing ListThird Party Advisory
- https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-htExploitThird Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatchThird Party Advisory
- https://groups.google.com/g/civetweb/c/yPBxNXdGgJQMailing ListThird Party Advisory
- https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-htExploitThird Party Advisory
FAQ
What is CVE-2020-27304?
CVE-2020-27304 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request AP...
How severe is CVE-2020-27304?
CVE-2020-27304 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-27304?
Check the references section above for vendor advisories and patch information. Affected products include: Civetweb Project Civetweb, Siemens Sinec Infrastructure Network Services.