CVE-2012-2206
Published 2012-08-17
Priority: P4 (low) · CVSS 2.0 base score 3.5 · Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Exploit
EPSS: 2.01% (78.4th percentile)
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.
Affected (7 ranges listed; the source gives no version bounds or fix versions for any of them)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | websphere_mq | — | — |
No detection rules found.
Exploit-DB: Ulterius Server < 1.9.5.0 - Directory Traversal (CVE-2017-16806, HIGH, CVSS 7.5, published 2017-11-13)
---
# Exploit Title: Ulterius Server < 1.9.5.0 Directory Traversal Arbitrary File Access
# Date: 11/13/2017
# Exploit Author: Rick Osgood
# Vendor Homepage: https://ulterius.io/
# Software Link: https://github.com/Ulterius/server/tree/0e4f2113da287aac88a8b4c5f8364a03685d393d
# Version: < 1.9.5.0
# Tested on: Windows Server 2012 R2
# CVE : CVE-2017-16806
#
# You can download almost any file that resides on the same drive letter as Ulterius server.
# Example: http://ulteriusURL:22006/.../.../.../.../.../.../.../.../.../windows/win.ini
#
# Unfortunately, you need to know the path to the file you want to download.
# Fortunately, Ulterius indexes every file on the system, and it's usually stored in the same place:
# http://ulteriusURL:2206/.../f
Exploit-DB: IBM Websphere MQ File Transfer Edition Web Gateway - Insufficient Access Control (CVE-2012-2206, published 2012-08-13)
---
*Exploit Author:* Nir Valtman
*Affected Platforms:* Version 7.0.4 and all previous versions of WebSphere MQ File Transfer Edition running on all platforms are affected.
Apparently they published the CVE above without mentioning my name, since I found it at the same time as IBM's team found it. This mail contains the exploitation methods of the CVE above.
*Description:* Malicious user is able to access other user's files and filespaces.
*Details:*
*1. Privilege escalation to view other user's files and filespace*
I logged on using user "user2" (non-administrative account with download\upload files permissions only) and then sent a GET request to the following URL:
/transfer/?start=0&count=10&metada
No writeups or analysis indexed.
References:
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761
- http://www.exploit-db.com/exploits/20478/
- http://www.ibm.com/support/docview.wss?uid=swg21607481
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77095
Published: 2012-08-17