CVE-2014-6035
published 2014-12-04CVE-2014-6035: Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and…
PriorityP263high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
26.20%
97.7th percentile
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_opmanager | <= 11.3 | — |
| zohocorp | manageengine_opmanager | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect HTTP POST requests to /servlets/FileCollector with a FILENAME parameter containing directory traversal sequences (../) targeting the Tomcat webapps directory ↗
- →Flag unauthenticated POST requests to the FileCollector servlet — exploitation of CVE-2014-6035 requires no authentication on OpManager ↗
- →Alert on WAR file uploads via the FILENAME parameter in requests to /servlets/FileCollector, as this enables remote code execution by dropping a WAR payload into the Tomcat webapps directory ↗
- ·CVE-2014-6035 specifically targets the /servlets/FileCollector endpoint (note: plural 'servlets'), distinct from the related CVE-2014-6034 which targets /servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector — ensure detection rules cover both paths ↗
- ·Affected versions for CVE-2014-6035 span OpManager v? to v11.4; the lower bound is unconfirmed, so treat all pre-11.5 OpManager deployments as potentially vulnerable ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2014/Sep/110https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txthttps://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fixhttp://seclists.org/fulldisclosure/2014/Sep/110https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txthttps://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix
2014-12-04
Published