Vulnerability Details : CVE-2016-1593
Public exploit exists!
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
Vulnerability category: Directory traversal
Exploit prediction scoring system (EPSS) score for CVE-2016-1593
Probability of exploitation activity in the next 30 days: 88.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2016-1593
-
Novell ServiceDesk Authenticated File Upload
Disclosure Date: 2016-03-30First seen: 2020-04-26exploit/multi/http/novell_servicedesk_rceThis module exploits an authenticated arbitrary file upload via directory traversal to execute code on the target. It has been tested on versions 6.5 and 7.1.0, in Windows and Linux installations of Novell ServiceDesk, as well as the Virtual Appliance provided by Nov
CVSS scores for CVE-2016-1593
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
7.2
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2016-1593
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1593
-
https://www.exploit-db.com/exploits/39708/
Novell ServiceDesk - (Authenticated) Arbitrary File Upload (Metasploit)
-
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/novell-service-desk-7.1.0.txt
Exploit
-
https://www.novell.com/support/kb/doc.php?id=7017428
Service Desk Path Traversal Vulnerability (CVE-2016-1593)Vendor Advisory
-
https://packetstormsecurity.com/files/136646
Novell Service Desk 7.1.0 Code Execution / Information Disclosure ≈ Packet StormExploit
-
http://packetstormsecurity.com/files/136717/Novell-ServiceDesk-Authenticated-File-Upload.html
Novell ServiceDesk Authenticated File Upload ≈ Packet Storm
-
http://www.rapid7.com/db/modules/exploit/multi/http/novell_servicedesk_rce
Novell ServiceDesk Authenticated File Upload
-
https://www.exploit-db.com/exploits/39687/
Novell ServiceDesk 6.5/7.0.3/7.1.0 - Multiple Vulnerabilities
-
http://www.securityfocus.com/archive/1/538043/100/0/threaded
SecurityFocus
Products affected by CVE-2016-1593
- cpe:2.3:a:novell:service_desk:*:*:*:*:*:*:*:*