CVE-2013-0136
published 2013-06-01CVE-2013-0136: Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload…
PriorityP264high8.5CVSS 2.0
AVNACMAuSCCICAC
EXPLOIT
EPSS
40.34%
98.5th percentile
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mutiny | mutiny | <= 5.0-1.10 | — |
| mutiny | mutiny | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Alert on POST requests to the EditDocument servlet path (/interface/EditDocument) containing multipart form-data with an 'uploadPath' field value that includes directory traversal sequences (e.g., '../../../..'). ↗
- →Monitor for directory traversal patterns in the uploadPath, paths[], and newPath parameters of requests to the EditDocument servlet, as all are vulnerable to traversal for UPLOAD, DELETE, CUT, and COPY operations. ↗
- →Detect login sequences targeting /interface/j_security_check followed immediately by file upload POST to /interface/EditDocument — indicative of exploit automation (any authenticated role can exploit). ↗
- →Flag HTTP responses from the Mutiny frontend containing the JSON body {"success":true} in reply to multipart POST requests to EditDocument, especially when the uploadPath contains traversal sequences. ↗
- →Identify Mutiny appliances by the presence of 'var currentMutinyVersion' in HTTP response bodies; versions below 5.0-1.11 are vulnerable. ↗
- →Look for the Apache-Coyote server header in HTTP responses as a fingerprint for the vulnerable Mutiny appliance backend. ↗
- ·Exploitation requires valid credentials for any role in the Mutiny web frontend — the vulnerability is post-authentication, so network-level blocking of unauthenticated access alone is insufficient. ↗
- ·The default credentials used by the Metasploit module are [email protected] / password — deployments should be checked for unchanged default credentials. ↗
- ·Successful exploitation results in arbitrary code execution with root privileges, not just file upload — the impact extends beyond file write to full system compromise. ↗
- ·The exploit module targets Mutiny 5.0-1.07 specifically; the vulnerability affects all versions before 5.0-1.11. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Mutiny 5 - Arbitrary File Upload (Metasploit)
exploitdb·2013-05-17
CVE-2013-0136 Mutiny 5 - Arbitrary File Upload (Metasploit)
Mutiny 5 - Arbitrary File Upload (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 [ /Apache-Coyote/ ] }
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::EXE
include Msf::Exploit::FileDropper
def initialize(info = {})
super(update_info(info,
'Name' => 'Mutiny 5 Arbitrary File Upload',
'Description' => %q{
This module exploits a code execution flaw in the Mutiny 5 appliance. The
EditDocument servlet provides a file upload function to authenticated users. A
directory traversal vulnerability in the same functionality allows for arbitrary
Metasploit
Mutiny 5 Arbitrary File Read and Delete
metasploit
Mutiny 5 Arbitrary File Read and Delete
Mutiny 5 Arbitrary File Read and Delete
This module exploits the EditDocument servlet from the frontend on the Mutiny 5 appliance. The EditDocument servlet provides file operations, such as copy and delete, which are affected by a directory traversal vulnerability. Because of this, any authenticated frontend user can read and delete arbitrary files from the system with root privileges. In order to exploit the vulnerability a valid user (any role) in the web frontend is required. The module has been tested successfully on the Mutiny 5.0-1.07 appliance.
Metasploit
Mutiny 5 Arbitrary File Upload
metasploit
Mutiny 5 Arbitrary File Upload
Mutiny 5 Arbitrary File Upload
This module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with root privileges. In order to exploit the vulnerability a valid user (any role) in the web frontend is required. The module has been tested successfully on the Mutiny 5.0-1.07 appliance.
No writeups or analysis indexed.
2013-06-01
Published