Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

Authentication bypass and path traversal in email template upload (CVE-2016-1610)

This document (7017788) is provided subject to the disclaimer at the end of this document.

Environment

Novell Filr 2.0
Novell Filr 1.2

Situation

A vulnerability in the custom email template handling in Novell Filr may allow a remote unauthenticated attacker to upload a file and write to an arbitrary path on the server with the access rights of the Filr web application (wwwrun). Depending on the payload and placement of the file this could lead to denial of service or remote code execution.

Resolution

A fix for this issue is available in the Filr 2.0 Security Update 2, available via the Novell Patch Finder.

CVE-2016-1610.
Special thanks to Wolfgang Ettlinger working with SEC Consult Vulnerability Lab for reporting this vulnerability to Micro Focus.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7017788
  • Creation Date:29-JUN-16
  • Modified Date:08-AUG-16
    • NovellFilr

Did this document solve your problem? Provide Feedback