CVE-2016-7843

MEDIUM

Hibara Software Attachecase For Java < 0.6.0 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.

References (3)

[Third Party Advisory, VDB Entry] http://jvn.jp/en/jp/JVN28331227/index.html

[Third Party Advisory] http://maruuofactory.life.coocan.jp/attachecase/#pathTraversal

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95445

Scores

CVSS v3 5.5

EPSS 0.0662

EPSS Percentile 91.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-22

Status published

Affected Products (6)

hibara_software/attachecase_for_java < 0.6.0

hibara_software/attachecase_lite < 1.4.6

hibara_software/attachecase_pro < 1.5.7

MaruUo Factory/AttacheCase for Java < Ver0.60 and earlier

MaruUo Factory/AttacheCase Lite < Ver1.4.6 and earlier

MaruUo Factory/AttacheCase Pro < Ver1.5.7 and earlier

Timeline

Published Apr 28, 2017

Tracked Since Feb 18, 2026