Xen XAPI CVE-2018-14007 Directory Traversal Vulnerability
BID:105110
CVE-2018-14007 |Info
Xen XAPI CVE-2018-14007 Directory Traversal Vulnerability
| Bugtraq ID: | 105110 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-14007 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 14 2018 12:00AM |
| Updated: | Aug 14 2018 12:00AM |
| Credit: | Ronald Volgers of Computest. |
| Vulnerable: |
Xen XAPI 1.112 Xen XAPI 1.111 Xen XAPI 1.110.1 Xen XAPI 1.110 Xen XAPI 1.90.3 Xen XAPI 1.60.8 Xen XAPI 1.14.38 Xen XAPI 1.14.37 Xen XAPI 1.13 |
| Not Vulnerable: | |
Discussion
Xen XAPI CVE-2018-14007 Directory Traversal Vulnerability
Xen XAPI is prone to a directory-traversal vulnerability.
A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information.
Xen XAPI is prone to a directory-traversal vulnerability.
A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information.
Exploit / POC
Xen XAPI CVE-2018-14007 Directory Traversal Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Xen XAPI CVE-2018-14007 Directory Traversal Vulnerability
References:
References:
- Xen Homepage (XenSource )
- Xen Security Advisory CVE-2018-14007 (Xen)
- XSA-271: XAPI HTTP directory traversal (Xen)