CVE-2015-0779 : Directory traversal vulnerability in UploadServlet in Novell ZENworks Configurat

Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.

Published 2015-06-07 23:59:04

Updated 2025-04-12 10:46:41

Source OpenText

View at NVD, CVE.org

Vulnerability category: Directory traversalExecute code

Products affected by CVE-2015-0779

Novell » Zenworks Configuration Management » Version: 11
cpe:2.3:a:novell:zenworks_configuration_management:11:*:*:*:*:*:*:*
Matching versions
Novell » Zenworks Configuration Management » Version: 11 Update SP1
cpe:2.3:a:novell:zenworks_configuration_management:11:sp1:*:*:*:*:*:*
Matching versions
Novell » Zenworks Configuration Management » Version: 11.2.1
cpe:2.3:a:novell:zenworks_configuration_management:11.2.1:*:*:*:*:*:*:*
Matching versions
Novell » Zenworks Configuration Management » Version: 11.2.2
cpe:2.3:a:novell:zenworks_configuration_management:11.2.2:*:*:*:*:*:*:*
Matching versions
Novell » Zenworks Configuration Management » Version: 11.2.3
cpe:2.3:a:novell:zenworks_configuration_management:11.2.3:*:*:*:*:*:*:*
Matching versions
Novell » Zenworks Configuration Management » Version: 11.2
cpe:2.3:a:novell:zenworks_configuration_management:11.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-0779

EPSS FAQ

77.14%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2015-0779

Novell ZENworks Configuration Management Arbitrary File Upload

Disclosure Date: 2015-04-07

First seen: 2020-04-26

exploit/multi/http/zenworks_configuration_management_upload

This module exploits a file upload vulnerability in Novell ZENworks Configuration Management (ZCM, which is part of the ZENworks Suite). The vulnerability exists in the UploadServlet which accepts unauthenticated file uploads and does not check the "uid" parameter fo

More information

CVSS scores for CVE-2015-0779

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-0779

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0779

https://www.novell.com/support/kb/doc.php?id=7016419

ZENworks Configuration Management Security Announcement: CVE-2015-0779 Remote code execution via file upload and directory traversal (Tomcat/UploadServlet)
https://github.com/rapid7/metasploit-framework/pull/5096

Create exploit for CVE-2015-0779 by pedrib · Pull Request #5096 · rapid7/metasploit-framework · GitHub
http://seclists.org/fulldisclosure/2015/Apr/21

Full Disclosure: [CVE-2015-0779]: Novell ZenWorks Configuration Management remote code execution
https://raw.githubusercontent.com/pedrib/PoC/master/generic/zenworks_zcm_rce.txt
https://www.exploit-db.com/exploits/36964/

Novell ZENworks Configuration Management - Arbitrary File Upload (Metasploit)

Jump to