HIGH🇬🇧 English

CVE-2019-6500

CVSS 7.5v3.0pub. 2019-01-21upd. 2024-11-21

In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Axway File Tranfer Direct

    APP
    Axway
    2.7.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2019-14277CRITICAL9.8ten sam vendor

Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to una...

CVE-2015-5606HIGH7.5ten sam vendor

Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service...

CVE-2012-4991HIGH8.5ten sam vendor

Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authent...

CVE-2013-7057MEDIUM6.8ten sam vendor

Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote att...

CVE-2012-6452MEDIUM5.0ten sam vendor

Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different respo...