CVE-2016-10367
Last modified
CVE-2016-10367 is a vulnerability of currently unknown severity. In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /.. EPSS estimates a 16.11% chance of exploitation in the next 30 days.
Description
In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Opsview | Opsview | 4.5.0 |
| Opsview | Opsview | 4.6.4 |
| Opsview | Opsview | 5.0.2 |
| Opsview | Opsview | 5.1.0 |
References
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341Exploit, Third Party Advisory
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-10367?
How severe is CVE-2016-10367?
How do I fix CVE-2016-10367?
Are you affected by CVE-2016-10367?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST