CVE-2014-6035
published 2014-12-04

CVE-2014-6035: Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.

Priority: P263 · Severity: high · CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Tags: EXPLOIT
EPSS: 26.20% (97.7th percentile)

Affected (2 ranges)

Vendor     Product                  Version range   Fixed in
zohocorp   manageengine_opmanager   <= 11.3         -
zohocorp   manageengine_opmanager   -               -

Detection & IOCs (extracted from sources)

url: /servlets/FileCollector?AGENTKEY=123&FILENAME=../../../tomcat/webapps/warfile.war
path: ../../../tomcat/webapps/warfile.war
  • Detect HTTP POST requests to /servlets/FileCollector with a FILENAME parameter containing directory traversal sequences (../) targeting the Tomcat webapps directory
  • Flag unauthenticated POST requests to the FileCollector servlet — exploitation of CVE-2014-6035 requires no authentication on OpManager
  • Alert on WAR file uploads via the FILENAME parameter in requests to /servlets/FileCollector, as this enables remote code execution by dropping a WAR payload into the Tomcat webapps directory
  • CVE-2014-6035 specifically targets the /servlets/FileCollector endpoint (note: plural 'servlets'), distinct from the related CVE-2014-6034 which targets /servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector — ensure detection rules cover both paths
  • Affected versions for CVE-2014-6035 span OpManager v? to v11.4; the lower bound is unconfirmed, so treat all pre-11.5 OpManager deployments as potentially vulnerable
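An added detection example, not code from the source page or from ManageEngine, that applies the bullets above to access-log lines in Python: it assumes combined-format access logs, checks both FileCollector paths named above, and percent-decodes and backslash-normalises FILENAME so the ../ check is not dodged by encoding. The log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit
# Both FileCollector paths named on the page (CVE-2014-6035 and the related CVE-2014-6034).
FILECOLLECTOR_PATHS = (
    "/servlets/FileCollector",
    "/servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector",
)
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")  # checked after backslashes are normalised to "/"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (%252e -> %2e -> .) before inspection."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(method, target):
    """Findings for one request; an empty list means the request is not of interest."""
    parts = urlsplit(target)
    if decode_fully(parts.path) not in FILECOLLECTOR_PATHS:
        return []
    findings = [f"{method} to FileCollector endpoint {parts.path}"]  # servlet needs no auth per the page
    for raw in parse_qs(parts.query, keep_blank_values=True).get("FILENAME", []):
        name = decode_fully(raw).replace("\\", "/")
        if TRAVERSAL.search(name):
            findings.append(f"FILENAME traversal: {name}")
        if name.lower().endswith(".war") or "/webapps/" in name.lower():
            findings.append(f"FILENAME aims at Tomcat webapps / WAR drop: {name}")
    return findings

def scan_log(lines):
    """Scan combined-format access log lines; return [(line_no, findings), ...] for hits."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_LINE.search(line)
        findings = inspect_request(m.group("method"), m.group("target")) if m else []
        if findings:
            hits.append((no, findings))
    return hits

SAMPLE_LOG = [  # constructed sample lines, not real traffic: plain, double-encoded and backslash forms
    '10.0.0.5 - - [04/Dec/2014:10:00:01 +0000] "POST /servlets/FileCollector?AGENTKEY=123&FILENAME=../../../tomcat/webapps/warfile.war HTTP/1.1" 200 12',
    '10.0.0.6 - - [04/Dec/2014:10:00:02 +0000] "POST /servlets/FileCollector?FILENAME=%252e%252e%252fwebapps%252fx.war HTTP/1.1" 200 12',
    '10.0.0.7 - - [04/Dec/2014:10:00:03 +0000] "GET /servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector?FILENAME=..\\..\\tomcat\\webapps\\a.war HTTP/1.1" 404 0',
    '10.0.0.8 - - [04/Dec/2014:10:00:04 +0000] "GET /index.do HTTP/1.1" 200 512',
]
```

Access logs only carry the query string, so a FILENAME sent in the POST body is invisible here and needs a WAF rule or full request capture to catch.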