CVE-2018-18777
Published: 2018-11-01
Priority: P3 · 34 · medium 4.3 (CVSS 3.0)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:N
Exploit: available
EPSS: 19.55% (97.0th percentile)
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microstrategy | microstrategy_web | — | — |
Detection & IOCs (extracted from sources)

PoC request path (from the Nuclei template):
`{{BaseURL}}/WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd`

- Look for GET requests to /WebMstr7/servlet/mstrWeb whose 'subpage' parameter contains path traversal sequences (a raw /.. or a URL-encoded ..%2F) to detect exploitation attempts.
- Monitor for HTTP 200 responses to such traversal requests against /WebMstr7/servlet/mstrWeb; a successful exploit returns /etc/passwd content matching the regex 'root:.*:0:0:'. Plain access logs carry no response body, so confirm a suspected success from proxy or WAF body captures rather than from the 200 status alone.
- The public exploit sends evt=3045 and src=mstrWeb.3045 alongside the traversal payload in the subpage parameter; alert on these parameter values together with a traversal payload in web logs.
- Exploitation requires prior authentication; an unauthenticated user cannot trigger this directory traversal.
- Only Microstrategy Web version 7, a deprecated product, is affected; scope detections accordingly.
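The detection bullets above as working code, an added example that is not part of the original page, the Nuclei template or any Microstrategy tooling: it parses combined-format access log lines, percent-decodes the subpage parameter repeatedly (so a double-encoded `%252e%252e` is still recognised as `..`), flags traversal requests to the mstrWeb servlet, records the PoC's evt/src values as a corroborating indicator, and separates attempts from likely successes by status code. The log lines, hosts, users and timestamps are constructed; `body_indicates_passwd` applies the template's `root:.*:0:0:` matcher to a response body where one has been captured.

```python
"""Scanner for the detection guidance above: flag access-log requests to the
Microstrategy Web 7 mstrWeb servlet whose subpage parameter carries a path
traversal, corroborate with the PoC's evt/src values, and separate attempts
from likely successes by status code.

Added example; not code from the CVE page, Nuclei or Microstrategy.
The log lines, hosts, users and timestamps are constructed for illustration.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache/nginx "combined" format.
SAMPLE_LOG = """\
10.0.0.5 - alice [01/Nov/2018:10:15:02 +0000] "GET /WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
10.0.0.6 - bob [01/Nov/2018:10:15:09 +0000] "GET /WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 403 211 "-" "curl/7.61.0"
10.0.0.7 - carol [01/Nov/2018:10:16:30 +0000] "GET /WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=reports/summary.jsp HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.8 - - [01/Nov/2018:10:17:00 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
VULN_PATH = "/WebMstr7/servlet/mstrWeb"
# A ".." segment bounded by slashes (or backslashes), or at either end.
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# Matcher used by the Nuclei template: /etc/passwd content in the response body.
PASSWD_RE = re.compile(r"root:.*:0:0:")


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so double-encoded %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyse_line(line):
    """Return a finding for a traversal request to the mstrWeb servlet, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path != VULN_PATH:
        return None
    # parse_qs already decodes one layer; decode further for nested encoding.
    params = parse_qs(url.query, keep_blank_values=True)
    subpage = fully_decode(params.get("subpage", [""])[0])
    if not TRAVERSAL_RE.search(subpage):
        return None  # normal navigation, e.g. subpage=reports/summary.jsp
    indicators = ["traversal"]
    if params.get("evt", [""])[0] == "3045" and params.get("src", [""])[0] == "mstrWeb.3045":
        indicators.append("poc_params")  # the public PoC's event parameters
    status = int(m.group("status"))
    # Access logs carry no body: a 200 only makes success likely. Confirm with
    # body_indicates_passwd() where a proxy or WAF records response bodies.
    verdict = "likely_success" if status == 200 else "attempt"
    return {
        "ip": m.group("ip"),
        "user": m.group("user"),
        "status": status,
        "subpage": subpage,
        "indicators": indicators,
        "verdict": verdict,
    }


def body_indicates_passwd(body):
    """True when a captured response body contains the /etc/passwd root line."""
    return PASSWD_RE.search(body) is not None


def scan(log_text):
    """Run analyse_line over every line and keep the findings."""
    return [f for f in map(analyse_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Running the block prints two findings: alice's request (traversal plus the PoC parameters, HTTP 200, so a likely success) and bob's double-encoded attempt, which the single decode done by `parse_qs` alone would have missed; carol's legitimate subpage value is ignored even though it carries the same evt/src parameters, which is why those values corroborate rather than trigger on their own.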
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| NVD | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
No detection rules found.
Exploit-DB
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
exploitdb · 2018-10-30 · CVSS 6.1 · CVE-2018-18777 [MEDIUM]
Indexed payload fragments (cross-site scripting part of the PoC):
```
alert("XSS");
alert("XSS")
```
Nuclei
Microstrategy Web 7 - Local File Inclusion
nuclei · CVSS 4.3 · CVE-2018-18777 [MEDIUM]
Microstrategy Web 7 is vulnerable to local file inclusion via "/WebMstr7/servlet/mstrWeb" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
Template (info block as indexed):
```yaml
id: CVE-2018-18777

info:
  name: Microstrategy Web 7 - Local File Inclusion
  author: 0x_Akoko
  severity: medium
  description: |
    Microstrategy Web 7 is vulnerable to local file inclusion via "/WebMstr7/servlet/mstrWeb" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
```
No writeups or analysis indexed.