Vulnerability Details : CVE-2014-6037
Public exploit exists!
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
Vulnerability category: Directory traversalExecute code
Products affected by CVE-2014-6037
- cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:9.0:9002:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:8.2:8020:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-6037
81.73%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-6037
-
ManageEngine Eventlog Analyzer Arbitrary File Upload
Disclosure Date: 2014-08-31First seen: 2020-04-26exploit/multi/http/eventlog_file_uploadThis module exploits a file upload vulnerability in ManageEngine Eventlog Analyzer. The vulnerability exists in the agentUpload servlet which accepts unauthenticated file uploads and handles zip file contents in an insecure way. By combining both weaknesses a remote
CVSS scores for CVE-2014-6037
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-6037
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6037
-
http://seclists.org/fulldisclosure/2014/Sep/20
Full Disclosure: Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple VulnerabilitiesExploit
-
http://www.securityfocus.com/bid/69482
ManageEngine EventLog Analyzer Multiple Security VulnerabilitiesExploit
-
http://osvdb.org/show/osvdb/110642
-
http://www.exploit-db.com/exploits/34519
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1) - JSP webapps ExploitExploit
-
http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html
ManageEngine EventLog Analyzer 9.9 Authorization / Code Execution ≈ Packet StormExploit
-
http://seclists.org/fulldisclosure/2014/Aug/86
Full Disclosure: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple VulnerabilitiesExploit
-
https://github.com/rapid7/metasploit-framework/pull/3732
Add Eventlog Analzyer exploit by pedrib · Pull Request #3732 · rapid7/metasploit-framework · GitHubExploit
-
http://seclists.org/fulldisclosure/2014/Sep/19
Full Disclosure: Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple VulnerabilitiesExploit
-
http://seclists.org/fulldisclosure/2014/Sep/1
Full Disclosure: [The ManageOwnage Series, part IV]: RCE / file upload in Eventlog Analyzer, feat. special guests h0ng10 and Mogwai Security
-
https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt
Exploit
Jump to