
Accellion FTA File Disclosure Vulnerability CVE-2015-2856

Severity
CVSSv3 Score: 7.5
Vulnerability description

Accellion FTA is prone to a file disclosure vulnerability.

Risk description

The vulnerability is triggered when a user-provided statecode cookie parameter is appended to a file path that is processed as an HTML template. By prepending a directory traversal sequence to this cookie and appending a NULL byte, any file readable by the web user can be exposed. An attacker can read sensitive files, including the system configuration and files uploaded to the appliance by users.
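A detection check for the pattern described above, as an added example that is not part of the original advisory or the vendor's code: it inspects the statecode cookie in captured Cookie headers for traversal segments and NUL bytes, including nested percent-encoding. It assumes Cookie headers are available from a reverse proxy or WAF log; the sample headers and the names `findings` and `scan` are constructed for illustration.

```python
from urllib.parse import unquote

COOKIE_NAME = "statecode"  # cookie named in the advisory

def cookie_value(header, name=COOKIE_NAME):
    """Return the raw value of `name` from a Cookie header, or None."""
    for part in header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return value
    return None

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %252e) a bounded number of times."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def findings(header):
    """List the suspicious traits of the statecode cookie in one header."""
    raw = cookie_value(header)
    if raw is None:
        return []
    # Treat backslashes as separators so both styles are caught.
    value = fully_decode(raw).replace("\\", "/")
    hits = []
    if "\x00" in value:
        hits.append("nul-byte")
    if ".." in value.split("/"):
        hits.append("traversal")
    return hits

# Constructed sample Cookie headers (not taken from real traffic).
SAMPLES = [
    "statecode=abc123; sid=1",
    "sid=1; statecode=../../../../etc/passwd%00",
    "statecode=%252e%252e%252fconf%2500",
]

def scan(headers):
    """Return (header, findings) pairs for headers that should be alerted on."""
    return [(h, f) for h in headers if (f := findings(h))]

if __name__ == "__main__":
    for header, hits in scan(SAMPLES):
        print(",".join(hits), "<-", header)
```
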

Recommendation

Upgrade to version 9.11.210 or later.

References: Not available
Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Oct 10, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available