CVE-2018-7467
published 2018-02-27

CVE-2018-7467: AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.

Priority: P3 57
CVSS 3.0: 7.5 high (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit: available
EPSS: 10.52% (95.2nd percentile)

Detection & IOCs (extracted from sources)

url: //css//..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\win.ini
path: /css//..%2f
  • Look for HTTP requests where the URI begins with /css//..%2f; this is the specific traversal prefix used to exploit CVE-2018-7467 on AxxonSoft Axxon Next.
  • Match the response body for all three strings 'bit app support', 'fonts', and 'extensions' simultaneously (AND condition) to confirm a successful read of windows\win.ini via directory traversal.
  • The exploit uses percent-encoded forward slashes (%2f) after a double-slash path segment (/css//) to bypass path normalization; monitor for URL-encoded traversal sequences following this specific prefix.
  • The Nuclei template requires 'unsafe: true' mode, meaning standard HTTP clients that normalize URLs will not reproduce the traversal; detection must therefore inspect the raw, un-normalized request path.
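The detection notes above, as an added example that is not part of the original record: a small Python scanner that matches the raw request path against the /css//..%2f prefix and applies the three-string AND check to a response body. The access-log format, the function names and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote

# Raw (un-normalized) request path prefix taken from the CVE record. The match is done on
# the path exactly as received, before URL decoding or dot-segment collapsing, because the
# traversal depends on the encoded slashes surviving the server's normalization.
TRAVERSAL_PREFIX = "/css//..%2f"

# Markers whose joint presence in a response body indicates windows\win.ini was served.
WIN_INI_MARKERS = ("bit app support", "fonts", "extensions")

# Assumed Combined Log Format line; the path group is the raw request-target as logged.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def is_traversal_request(raw_path: str) -> bool:
    """True when the raw path starts with the traversal prefix (hex digits compared
    case-insensitively, since %2f and %2F decode to the same character)."""
    return raw_path[: len(TRAVERSAL_PREFIX)].lower() == TRAVERSAL_PREFIX


def confirms_win_ini_read(body: str) -> bool:
    """AND condition over all three markers, case-insensitive, as in the detection note."""
    lower = body.lower()
    return all(marker in lower for marker in WIN_INI_MARKERS)


def decoded_target(raw_path: str) -> str:
    """Single-decode the path to show, for triage, which file the traversal was aiming at."""
    return unquote(raw_path)


def scan_access_log(lines):
    """Return (client_ip, raw_path, status) for every request carrying the traversal prefix."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_traversal_request(m.group("path")):
            hits.append((m.group("ip"), m.group("path"), int(m.group("status"))))
    return hits


# Constructed sample log lines (not real traffic): one traversal attempt, one benign request.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Feb/2018:10:00:01 +0000] "GET /css//..%2f..%2fwindows\\win.ini HTTP/1.1" 200 512',
    '198.51.100.2 - - [27/Feb/2018:10:00:02 +0000] "GET /css/main.css HTTP/1.1" 200 2048',
]
```

Pair a prefix hit with a 200 status and the response-body check on the proxy or WAF side to separate a blocked probe from a successful file read.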

CVSS provenance

  • NVD, CVSS v3.0: 7.5 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • NVD, CVSS v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N