CVE-2017-16806

HIGH NUCLEI

Ulterius Server < 1.9.5.0 - Directory Traversal

Title source: nuclei

Description

The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.

Exploits (3)

exploitdb WORKING POC
by Rick Osgood · pythonremotewindows
https://www.exploit-db.com/exploits/43141
nomisec WORKING POC
by rickoooooo · poc
https://github.com/rickoooooo/ulteriusExploit
metasploit WORKING POC
by Rick Osgood, Jacob Robles · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/ulterius_file_download.rb

Nuclei Templates (1)

Ulterius Server < 1.9.5.0 - Directory Traversal
HIGHby geeknik

References (2)

Scores

CVSS v3 7.5
EPSS 0.8650
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
ulterius/ulterius_server 1.5.6.0
ulterius/ulterius_server 1.8.0.0
Published Nov 13, 2017
Tracked Since Feb 18, 2026