CVE-2013-2068

Redhat Cloudforms Management Engine - Path Traversal

Title source: rule

Description

Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/30469

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocruby

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-1206.html

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=960422

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/30469

Scores

EPSS 0.7846

EPSS Percentile 99.0%

Details

CWE

CWE-22

Status published

Products (1)

redhat/cloudforms_management_engine 5.1

Published Sep 28, 2013

Tracked Since Feb 18, 2026