CVE-2021-45027
published 2022-09-01


Priority: P3 · 53 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EXPLOIT
EPSS: 1.58% (72.5th percentile)
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.

Affected (1 range)

Vendor: softlinkint
Product: oliver_v5_library
Version range: < 8.00.008.053
Fixed in: 8.00.008.053

Detection & IOCs (extracted from sources)

url: /oliver/FileServlet?source=serverFile&fileName=c:/windows/win.ini
path: /oliver/FileServlet
filename: c:/windows/win.ini
  • Detect exploitation attempts targeting the FileServlet endpoint with a 'fileName' parameter containing path traversal sequences (e.g., 'c:/windows/win.ini'). The 'source' parameter is set to 'serverFile'.
  • A successful exploitation response body will contain the strings 'bit app support', 'fonts', and 'extensions' — characteristic content of win.ini — all present simultaneously.
  • The vulnerability is unauthenticated (PR:N, UI:N); no session or credentials are required to exploit the FileServlet endpoint.
  • The vulnerable parameter is 'fileName' within the FileServlet endpoint; the 'source' parameter must be set to 'serverFile' to trigger the arbitrary file read code path.
  • The server is Windows-based; path traversal payloads should use Windows-style paths (e.g., 'c:/windows/win.ini') rather than Unix-style paths.
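As an added detection example (not from the CVE record or the vendor), the indicators above applied to web-server access logs: it flags requests to the FileServlet endpoint with source=serverFile whose fileName is an absolute Windows path or contains a '..' segment. The combined log format and the sample entries are constructed assumptions.

```python
# Added example (not from the CVE record or the vendor): flag access-log entries
# matching the CVE-2021-45027 FileServlet indicators. Log format and samples
# are constructed for illustration.
import re
from urllib.parse import urlsplit, parse_qs

FILESERVLET_PATH = "/oliver/FileServlet"
# fileName is suspicious when it escapes a relative location: a drive letter,
# a leading slash/backslash, or a ".." path segment.
SUSPICIOUS_FILENAME = re.compile(r"^[a-zA-Z]:|^[\\/]|(^|[\\/])\.\.([\\/]|$)")

def is_fileservlet_probe(request_url: str) -> bool:
    """True if the URL targets FileServlet with the indicators from the record."""
    parts = urlsplit(request_url)
    if not parts.path.lower().endswith(FILESERVLET_PATH.lower()):
        return False
    qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    source = qs.get("source", [""])[0]
    file_name = qs.get("fileName", [""])[0]
    return source == "serverFile" and bool(SUSPICIOUS_FILENAME.search(file_name))

# Combined log format: client ident user [time] "METHOD URL PROTO" status bytes
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

def scan_access_log(lines):
    """Return (client, url, status) for every line matching the indicators."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and is_fileservlet_probe(m.group(3)):
            hits.append((m.group(1), m.group(3), int(m.group(4))))
    return hits

# Constructed sample log: two probes (one URL-encoded), one benign FileServlet
# request for a relative file, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Sep/2022:10:00:01 +0000] "GET /oliver/FileServlet?source=serverFile&fileName=c:/windows/win.ini HTTP/1.1" 200 92',
    '203.0.113.7 - - [01/Sep/2022:10:00:02 +0000] "GET /oliver/FileServlet?source=serverFile&fileName=..%2F..%2Fconfig.xml HTTP/1.1" 200 412',
    '198.51.100.4 - - [01/Sep/2022:10:00:03 +0000] "GET /oliver/FileServlet?source=serverFile&fileName=reports/2022.pdf HTTP/1.1" 200 10240',
    '198.51.100.4 - - [01/Sep/2022:10:00:04 +0000] "GET /oliver/index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, url, status in scan_access_log(SAMPLE_LOG):
        print(f"{client} status={status} {url}")
```

A 200 status on a flagged request is the strongest signal, since the record notes the response body then carries the requested file's contents.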