Mutiny < 5.0-1.11 Multiple Directory Traversals

high Nessus Network Monitor Plugin ID 6834

Synopsis

The remote server contains a network monitoring application that is affected by multiple directory traversal vulnerabilities.

Description

Versions of Mutiny prior to 5.0-1.11 are reportedly affected by multiple directory traversal vulnerabilities that could allow an authenticated attacker to upload, delete, and move files on the remote system with root privileges. The UPLOAD, DELETE, CUT, and COPY functions used in the 'Documents' section of the Mutiny web frontend are affected.

Solution

Upgrade to version 5.0-1.11 or later.

See Also

http://www.nessus.org/u?2e896696

Plugin Details

Severity: High

ID: 6834

Family: Web Servers

Published: 5/21/2013

Updated: 3/6/2019

Nessus ID: 66497

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mutiny:mutiny

Patch Publication Date: 5/15/2013

Vulnerability Publication Date: 5/15/2013

Exploitable With

Metasploit (Mutiny 5 Arbitrary File Upload)

Reference Information

CVE: CVE-2013-0136

BID: 59883