CVE-2015-0779

Novell ZENworks Configuration Management < 11.3.2 - Remote Code Execution via UploadServlet uid Parameter


Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-0779. PoCs were published by Metasploit and Pedro Ribeiro, including the Metasploit module exploits/multi/http/zenworks_configuration_management_upload.

AI-analyzed exploit summary: This Metasploit module exploits an unauthenticated file upload vulnerability in Novell ZENworks Configuration Management (CVE-2015-0779) by abusing directory traversal in the 'uid' parameter to deploy a malicious WAR file in the Tomcat webapps directory, achieving remote code execution.

Description

Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · java
https://www.exploit-db.com/exploits/36964

This Metasploit module exploits an unauthenticated file upload vulnerability in Novell ZENworks Configuration Management (CVE-2015-0779) by abusing directory traversal in the 'uid' parameter to deploy a malicious WAR file in the Tomcat webapps directory, achieving remote code execution.

Classification
Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Novell ZENworks Configuration Management (ZCM) up to and including 11.3.1
No auth needed
Prerequisites: Network access to the target's UploadServlet (typically on port 443/SSL) · Tomcat webapps directory path (default or manually specified)
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC VERIFIED
by Pedro Ribeiro · text · webapps · jsp
https://www.exploit-db.com/exploits/36678

This exploit leverages a directory traversal vulnerability in Novell ZENworks Configuration Management 11.3.1 to upload a malicious WAR file, achieving remote code execution without authentication. The vulnerability is exploited via a POST request to the UploadServlet with a manipulated 'uid' parameter.

Classification
Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Novell ZENworks Configuration Management 11.3.1 and below
No auth needed
Prerequisites: Network access to the target server · Ability to send HTTP POST requests
devstral-2 · analyzed Feb 16, 2026
metasploit WORKING POC EXCELLENT
ruby · poc · java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/zenworks_configuration_management_upload.rb

This Metasploit module exploits an unauthenticated file upload vulnerability in Novell ZENworks Configuration Management (ZCM) via directory traversal in the 'uid' parameter of the UploadServlet. It deploys a malicious WAR file to the Tomcat webapps directory, achieving remote code execution.

Classification
Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Novell ZENworks Configuration Management (ZCM) up to and including 11.3.1
No auth needed
Prerequisites: Network access to the target server · Tomcat webapps directory path (default or custom)
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36964/
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Apr/21
Vendor Advisory x_refsource_confirm
https://www.novell.com/support/kb/doc.php?id=7016419

Scores

EPSS 0.7452
EPSS Percentile 99.4%

Details

CWE: CWE-22
Status: published
Products (5)
novell/zenworks_configuration_management 11 (2 CPE variants)
novell/zenworks_configuration_management 11.2
novell/zenworks_configuration_management 11.2.1
novell/zenworks_configuration_management 11.2.2
novell/zenworks_configuration_management 11.2.3
Published Jun 07, 2015
Tracked Since Feb 18, 2026