CVE-2011-4714
Published 2011-12-08
CVE-2011-4714: Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) in the URL.
Priority: P3 (36); severity: medium, 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.93% (89.1th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vvertex | muster | <= 6.1.2 | — |
No detection rules found.
Exploit-DB
Muster Render Farm Management System - Arbitrary File Download
exploitdb·2011-12-01
---
#Name: Muster Render Farm Management System Arbitrary File Download
#Vendor Website : http://www.vvertex.com/muster.html
#Date Released : November 29, 2011
#Affected Software : Muster < 6.20
#Researcher : Nick Freeman ([email protected])
#Description
#Security-Assessment.com has discovered a vulnerability with the Muster 6.1.6 web management server. This issue can be exploited by an unauthenticated user to gain full control of the web management interface, and to send arbitrary commands to all Muster clients.
#Exploitation
#It is possible to download any file on the Muster server by exploiting a vulnerability in the web server. By using directory traversal characters (\..\..\) in the URL, it is pos
Exploit-DB
Virtual Vertex Muster 6.1.6 - Web Interface Directory Traversal
exploitdb·2011-11-29
---
source: https://www.securityfocus.com/bid/50841/info
Virtual Vertex Muster is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input submitted to its web interface.
Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Information harvested may aid in launching further attacks.
Virtual Vertex Muster 6.1.6 is vulnerable; other versions may also be affected.
The following example request is available:
GET /a\..\..\muster.db HTTP/1.1
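As an added example (not part of the advisories above and not Virtual Vertex code), a defender can check web-interface access logs for the `\..` pattern this CVE describes. It goes slightly beyond the page by percent-decoding the path first, since clients and proxies often record the backslash as `%5c`; the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
# (the log format is an assumption; adjust the pattern to the server in use).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so %255c and %5c both surface as a backslash."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target):
    """True if the URL path has a '..' segment, with '/' or '\\' as separator."""
    path = decode_fully(target.split("?", 1)[0])
    # Filters that only look for "../" miss the backslash form named in the CVE.
    segments = re.split(r"[\\/]", path)
    return any(segment == ".." for segment in segments)

def flag_requests(log_lines):
    """Return (line_number, target) for each request whose path climbs upward."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and has_traversal(match.group("target")):
            hits.append((number, match.group("target")))
    return hits

# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2011:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Dec/2011:10:00:05 +0000] "GET /a\\..\\..\\muster.db HTTP/1.1" 200 90112',
    '192.0.2.44 - - [01/Dec/2011:10:00:09 +0000] "GET /a%5c..%5c..%5cmuster.db HTTP/1.1" 200 90112',
    '192.0.2.10 - - [01/Dec/2011:10:00:12 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, target in flag_requests(SAMPLE_LOG):
        print(f"line {number}: traversal pattern in {target}")
```

A 200 response to a flagged request for a file such as `muster.db` is the case to investigate first; segment matching keeps names like `v1..2` from raising false positives.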
No writeups or analysis indexed.
http://osvdb.org/77375
http://secunia.com/advisories/46991
http://www.exploit-db.com/exploits/18185
http://www.security-assessment.com/files/documents/advisory/Muster-Arbitrary_File_Download.pdf
http://www.securityfocus.com/bid/50841
https://exchange.xforce.ibmcloud.com/vulnerabilities/71513
2011-12-08
Published