CVE-2015-0779

Novell Zenworks Configuration Management - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotejava

https://www.exploit-db.com/exploits/36964

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Pedro Ribeiro · textwebappsjsp

https://www.exploit-db.com/exploits/36678

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocjava

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/zenworks_configuration_management_upload.rb

View Code ZIP pw:eip

References (5)

[Mailing List] http://seclists.org/fulldisclosure/2015/Apr/21

[Various Sources] https://raw.githubusercontent.com/pedrib/PoC/master/generic/zenworks_zcm_rce.txt

[Vendor Advisory] https://www.novell.com/support/kb/doc.php?id=7016419

[Issue Tracking] https://github.com/rapid7/metasploit-framework/pull/5096

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/36964/

Scores

EPSS 0.8015

EPSS Percentile 99.1%

Details

CWE

CWE-22

Status published

Products (5)

novell/zenworks_configuration_management 11 (2 CPE variants)

novell/zenworks_configuration_management 11.2

novell/zenworks_configuration_management 11.2.1

novell/zenworks_configuration_management 11.2.2

novell/zenworks_configuration_management 11.2.3

Published Jun 07, 2015

Tracked Since Feb 18, 2026