CVE-2014-3088

high

Description

stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as demonstrated by replacing a text/plain .txt upload with an application/octet-stream .exe upload.

References

http://www.securityfocus.com/bid/68291

http://packetstormsecurity.com/files/127829/IBM-Sametime-Meet-Server-8.5-Arbitrary-File-Upload.html

http://packetstormsecurity.com/files/127294

http://linux.oracle.com/errata/ELSA-2014-0747.html

Details

Source: Mitre, NVD

Published: 2014-07-01

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Severity: High

EPSS

EPSS: 0.00212