CVE-2017-5182 Information

Description

Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file via a specially crafted URL that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for Linux; it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, and OES11 SP2 before Maintenance Update 11077.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/95743
http://www.securitytracker.com/id/1037689
https://www.novell.com/support/kb/doc.php?id=7018503

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
