cbcvebase.
CVE-2013-1080
published 2013-03-29

CVE-2013-1080: The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for…

PriorityP180critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
77.05%
99.5th percentile
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.

Affected

2 ranges
VendorProductVersion rangeFixed in
novellzenworks_configuration_management
novellzenworks_configuration_management

Detection & IOCsextracted from sources · hover to see the quote

url/zenworks/jsp/index.jsp?pageid=newDocumentWizard
url/zenworks/jsp/fw/internal/Login.jsp
port443
path../webapps/
path../../opt/novell/zenworks/share/tomcat/webapps/
  • Detect unauthenticated POST requests to /zenworks/jsp/index.jsp with pageid=newDocumentWizard, which is the upload endpoint abused for directory traversal and WAR file deployment.
  • Look for multipart/form-data POST requests to /zenworks/jsp/index.jsp on TCP port 443 from unauthenticated sources; a 302 response indicates a successful upload.
  • After a WAR upload, watch for a follow-up GET request to a newly deployed JSP path (random alphanumeric app name and JSP name) as the payload execution trigger.
  • The exploit targets servers responding with 'Novell ZENworks Control Center' in the body of /zenworks/jsp/fw/internal/Login.jsp; use this as a fingerprint for exposed vulnerable instances.
  • Server banner 'Apache-Coyote' is used by the exploit to fingerprint the target; correlate with ZENworks-specific URIs to confirm exposure.
  • ·The exploit requires SSL (HTTPS) on port 443; detection rules must inspect TLS-decrypted traffic to be effective.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.