CVE-2016-4314
Published 2017-02-17
CVE-2016-4314: Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a…
Priority P341 · medium · 4.9 (CVSS 3.0)
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 12.35% (95.7th percentile)
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wso2 | carbon | — | — |
CVSS provenance
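| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.9 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |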
OSV
WSO2 Carbon directory traversal vulnerability
osv·2022-05-14
CVE-2016-4314 [MEDIUM] WSO2 Carbon directory traversal vulnerability
GHSA
WSO2 Carbon directory traversal vulnerability
ghsa·2022-05-14
CVE-2016-4314 [MEDIUM] CWE-22 WSO2 Carbon directory traversal vulnerability
No detection rules found.
No writeups or analysis indexed.
http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt
http://packetstormsecurity.com/files/138330/WSO2-Carbon-4.4.5-Local-File-Inclusion.html
http://www.securityfocus.com/archive/1/539200/100/0/threaded
http://www.securityfocus.com/bid/92473
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0098
https://www.exploit-db.com/exploits/40240/
Published: 2017-02-17