|CVSS SCORE||8.8, (AV:N/AC:M/Au:N/C:C/I:N/A:C)|
|TIPPINGPOINT™ IPS CUSTOMER PROTECTION||TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 20173. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaws exist within implementation of the SaveContent functionality in the AccuRevTomcat service. Unauthenticated callers are allowed to remotely access the functionality of the servlet. By crafting a path input to the servlet, an attacker can read or delete files on the target server under the context of SYSTEM.
07/09/2015 - ZDI emailed vendor and requested contact