Gesamte Überschrift: Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Exploit 
Kategorie: remote exploits
Betriebssystem: linux
This Metasploit module exploits a vulnerability found in Cisco Prime Infrastructure. The issue is that the TarArchive Java class the HA Health Monitor component uses does not check for any directory traversals while unpacking a Tar file, which can be abused by a remote user to leverage the UploadServlet class to upload a JSP payload to the Apache Tomcat's web apps directory, and gain arbitrary remote code execution. Note that authentication is not required to exploit this vulnerability.

# 0day.today @ http://0day.today/