CVE-2014-5350

Bitdefender Gravityzone < 5.1.5.386 - Path Traversal

Title source: rule

Description

Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.

Exploits (1)

exploitdb WRITEUP

by SEC Consult · textwebappslinux

https://www.exploit-db.com/exploits/34086

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit x_refsource_misc

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-3_Bitdefender_GravityZone_Multiple_critical_vulnerabilities_v10.txt

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Jul/78

Various Sources x_refsource_confirm

http://www.bitdefender.com/support/how-to-configure-iptables-firewall-rules-on-gravityzone-for-restricting-outside-access-to-mongodatabase-1265.html

Scores

EPSS 0.0674

EPSS Percentile 91.3%

Details

CWE

CWE-22

Status published

Products (1)

bitdefender/gravityzone < 5.1.5.386

Published Aug 19, 2014

Tracked Since Feb 18, 2026