Mutiny < 5.0-1.11 Multiple Directory Traversals

High Nessus Network Monitor Plugin ID 6834

Synopsis

The remote server contains a network monitoring application that is affected by multiple directory traversal vulnerabilities.

Description

Versions of Mutiny prior to 5.0-1.11 are reportedly affected by multiple directory traversal vulnerabilities that could allow an authenticated attacker to upload, delete, and move files on the remote system with root privileges. The UPLOAD, DELETE, CUT, and COPY functions used in the 'Documents' section of the Mutiny web front end are affected.

Solution

Upgrade to version 5.0-1.11 or later.

See Also

http://www.nessus.org/u?2e896696

Plugin Details

Severity: High

ID: 6834

File Name: 6834.prm

Family: Web Servers

Published: 2013/05/21

Modified: 2016/02/05

Dependencies: 1442

Nessus ID: 66497

Risk Information

Risk Factor: High

CVSSv2

Base Score: 8.5

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 8

Temporal Score: 7.4

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2013/05/15

Vulnerability Publication Date: 2013/05/15

Exploitable With

Metasploit (Mutiny 5 Arbitrary File Upload)

Reference Information

CVE: CVE-2013-0136

BID: 59883

OSVDB: 93444