CVE-2015-4068
In short
A flaw in Arcserve UDP allows attackers to access files outside their intended directory by sending specially crafted requests to specific servlets, potentially exposing sensitive data or crashing the service.
Technical detail
Directory traversal vulnerability in reportFileServlet and exportServlet allows unauthenticated remote attackers to escape file path restrictions via path manipulation (CWE-22), enabling unauthorized file access and DoS. Affects Arcserve UDP versions before 5.0 Update 4.
Summary generated and translated by AI from the official description.
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected products
n/a · n/a
References
http://documentation.arcserve.com/Arcserve-UDP/Available/V5/ENU/Bookshelf_Files/HTML/Update%204/UDP_Update4_ReleaseNotes.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-4068
http://www.securityfocus.com/bid/74845
http://www.zerodayinitiative.com/advisories/ZDI-15-241/
http://www.zerodayinitiative.com/advisories/ZDI-15-242/