|CVSS SCORE||10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)|
|TIPPINGPOINT™ IPS CUSTOMER PROTECTION||TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 16988. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within the Developer tools. An attacker can use the projectContents.jsp page to rename an arbitrary file, allowing for an uploaded file to be executed. This allows an attacker to execute arbitrary code as SYSTEM.
Visual Mining states:
11/19/2014 - ZDI disclosed report to Visual Mining Technical Support Team.
|CREDIT||Steven Seeley of Source Incite