CVE-2010-5323
published 2015-06-07CVE-2010-5323: Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows…
PriorityP266critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
14.46%
96.2th percentile
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| novell | zenworks_configuration_management | — | — |
| novell | zenworks_configuration_management | — | — |
| novell | zenworks_configuration_management | — | — |
| novell | zenworks_configuration_management | — | — |
| novell | zenworks_configuration_management | — | — |
| novell | zenworks_configuration_management | — | — |
| novell | zenworks_configuration_management | — | — |
| novell | zenworks_configuration_management | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandPOST /zenworks/UploadServlet?filename=../../webapps/<random>.war with Content-Type: application/octet-stream↗
- →Detect HTTP POST requests to /zenworks/UploadServlet where the 'filename' parameter contains directory traversal sequences (e.g., '../../') and the Content-Type is 'application/octet-stream', indicating an attempt to drop a WAR file outside the intended TEMP directory. ↗
- →After the WAR upload, watch for a follow-up GET request to a newly appeared short-named JSP path (e.g., /<random_alphanum>/<random_alphanum>.jsp) on the same host, which is the payload trigger step. ↗
- →The exploit targets servers responding with an 'Apache-Coyote' Server header; scope detection rules to ZENworks hosts identifiable by this header. ↗
- →A successful upload returns HTTP 200 from UploadServlet; correlate a 200 response to a traversal-containing filename parameter POST as a high-confidence exploitation indicator. ↗
- ·The exploit targets Novell ZENworks Configuration Management 10.2.0 specifically; versions 10.3 and later are patched. Ensure detection rules are scoped to vulnerable versions (ZCM 10 before 10.3). ↗
- ·The WAR filename and JSP name are randomly generated alphanumeric strings at runtime, so static filename-based IOCs will not match; detection must rely on the traversal pattern in the filename parameter rather than specific filenames. ↗
- ·The exploit supports Java Universal, Windows x86, and Linux x86 payloads; detection and response playbooks should account for all three platform targets. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9mwj-265r-f2gr: Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2010-5324 [CRITICAL] CWE-22 GHSA-9mwj-265r-f2gr: Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323.
GHSA
GHSA-3pg8-3336-w32h: Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2010-5323 [CRITICAL] CWE-22 GHSA-3pg8-3336-w32h: Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324.
GHSA
GHSA-49r7-w8p8-xgc3: Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-0779 [CRITICAL] CWE-22 GHSA-49r7-w8p8-xgc3: Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
No detection rules found.
No writeups or analysis indexed.
http://www.exploit-db.com/exploits/16784/http://www.zerodayinitiative.com/advisories/ZDI-10-078/https://bugzilla.novell.com/show_bug.cgi?id=578911https://www.novell.com/support/kb/doc.php?id=7005573http://www.exploit-db.com/exploits/16784/http://www.zerodayinitiative.com/advisories/ZDI-10-078/https://bugzilla.novell.com/show_bug.cgi?id=578911https://www.novell.com/support/kb/doc.php?id=7005573
2015-06-07
Published