Sign-up

ID

VAR-201611-0266


CVE

CVE-2016-5765


TITLE

plural Micro Focus Vulnerability to read arbitrary files in the product management server

Trust: 0.8

sources: JVNDB: JVNDB-2016-006045

DESCRIPTION

Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14. Authentication is not required to exploit this vulnerability.The specific flaw exists within the PassThru resource. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of the current process. Multiple Micro Focus Products are prone to an directory-traversal vulnerability. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks. The following versions are affected: 12.3 prior to MSS 12.3.326, 12.2 prior to MSS 12.2.342; 12.1 prior to RSG 12.1.362; 12.3 prior to RWeb 12.3.312, 12.2 prior to RWeb 12.2.342, RWeb 12.1 before 12.1.362; ZFE 2.0.1.18 before 2.0.1, Reflection ZFE (ZFE) 2.0.0 before ZFE 2.0.0.52, ZFE 1.4.0 before 1.4.0.14

Trust: 2.61

sources: NVD: CVE-2016-5765 // JVNDB: JVNDB-2016-006045 // ZDI: ZDI-16-618 // BID: 94579 // VULHUB: VHN-94584

AFFECTED PRODUCTS

vendor:microfocusmodel:reflection zfescope:eqversion:2.0.1.18

Trust: 2.4

vendor:microfocusmodel:reflection zfescope:eqversion:1.4.0.14

Trust: 2.4

vendor:microfocusmodel:reflection zfescope:eqversion:2.0.0.52

Trust: 2.4

vendor:microfocusmodel:reflection security gatewayscope:eqversion:12.1

Trust: 1.6

vendor:microfocusmodel:host access management and security serverscope:eqversion:12.3

Trust: 1.6

vendor:microfocusmodel:reflection for the webscope:eqversion:12.2

Trust: 1.6

vendor:microfocusmodel:reflection for the webscope:eqversion:12.3

Trust: 1.6

vendor:microfocusmodel:host access management and security serverscope:eqversion:12.2

Trust: 1.6

vendor:microfocusmodel:reflection for the webscope:eqversion:12.1

Trust: 1.6

vendor:microfocusmodel:host access management and security serverscope:ltversion:12.2

Trust: 0.8

vendor:microfocusmodel:host access management and security serverscope:eqversion:12.2 build 342

Trust: 0.8

vendor:microfocusmodel:reflection for the webscope:ltversion:12.3

Trust: 0.8

vendor:microfocusmodel:reflection for the webscope:eqversion:12.3 build 312

Trust: 0.8

vendor:microfocusmodel:reflection for the webscope:eqversion:2014 r2 12.1 build 362

Trust: 0.8

vendor:microfocusmodel:reflection security gatewayscope:eqversion:2014 r2 12.1 build 362

Trust: 0.8

vendor:microfocusmodel:reflection zfescope:ltversion:2.0.0

Trust: 0.8

vendor:microfocusmodel:host access management and security serverscope:eqversion:12.3 build 326

Trust: 0.8

vendor:microfocusmodel:reflection for the webscope:ltversion:12.2

Trust: 0.8

vendor:microfocusmodel:reflection for the webscope:ltversion:12.1

Trust: 0.8

vendor:microfocusmodel:reflection zfescope:ltversion:1.4.0

Trust: 0.8

vendor:microfocusmodel:host access management and security serverscope:ltversion:12.3

Trust: 0.8

vendor:microfocusmodel:reflection for the webscope:eqversion:12.2 build 342

Trust: 0.8

vendor:microfocusmodel:reflection security gatewayscope:ltversion:12.1

Trust: 0.8

vendor:microfocusmodel:reflection zfescope:ltversion:2.0.1

Trust: 0.8

vendor:attachmatemodel:host access management and security serverscope: - version: -

Trust: 0.7

vendor:micromodel:focus reflection zfescope:eqversion:2.0.1

Trust: 0.3

vendor:micromodel:focus reflection zfescope:eqversion:2.0

Trust: 0.3

vendor:micromodel:focus reflection zfescope:eqversion:1.4

Trust: 0.3

vendor:micromodel:focus reflection security gatewayscope:eqversion:12.1

Trust: 0.3

vendor:micromodel:focus reflection for the webscope:eqversion:12.3

Trust: 0.3

vendor:micromodel:focus reflection for the webscope:eqversion:12.2

Trust: 0.3

vendor:micromodel:focus reflection for the webscope:eqversion:12.1

Trust: 0.3

vendor:micromodel:focus host access management and security serverscope:eqversion:12.3

Trust: 0.3

vendor:micromodel:focus host access management and security serverscope:eqversion:12.2

Trust: 0.3

vendor:micromodel:focus reflection zfescope:neversion:2.0.1.18

Trust: 0.3

vendor:micromodel:focus reflection zfescope:neversion:2.0.0.52

Trust: 0.3

vendor:micromodel:focus reflection zfescope:neversion:1.4.0.14

Trust: 0.3

vendor:micromodel:focus reflection security gateway buildscope:neversion:12.1362

Trust: 0.3

vendor:micromodel:focus reflection for the web buildscope:neversion:12.3312

Trust: 0.3

vendor:micromodel:focus reflection for the web buildscope:neversion:12.2342

Trust: 0.3

vendor:micromodel:focus reflection for the web buildscope:neversion:12.1362

Trust: 0.3

vendor:micromodel:focus host access management and security server buildscope:neversion:12.3326

Trust: 0.3

vendor:micromodel:focus host access management and security server buildscope:neversion:12.2342

Trust: 0.3

sources: ZDI: ZDI-16-618 // BID: 94579 // JVNDB: JVNDB-2016-006045 // CNNVD: CNNVD-201611-648 // NVD: CVE-2016-5765

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5765
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-5765
value: MEDIUM

Trust: 0.8

ZDI: CVE-2016-5765
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201611-648
value: MEDIUM

Trust: 0.6

VULHUB: VHN-94584
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-5765
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2016-5765
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-94584
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5765
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-16-618 // VULHUB: VHN-94584 // JVNDB: JVNDB-2016-006045 // CNNVD: CNNVD-201611-648 // NVD: CVE-2016-5765

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-94584 // JVNDB: JVNDB-2016-006045 // NVD: CVE-2016-5765

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-648

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201611-648

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-006045

PATCH
title:Technical Note 1704url:http://support.attachmate.com/techdocs/1704.html
Trust: 1.5
title:Multiple Micro Focus Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65920
Trust: 0.6
sources:
            
            
            ZDI: ZDI-16-618 // 
            
            
            
            JVNDB: JVNDB-2016-006045 // 
            
            
            
            CNNVD: CNNVD-201611-648

EXTERNAL IDS
db:NVDid:CVE-2016-5765
Trust: 3.5
db:ZDIid:ZDI-16-618
Trust: 1.8
db:BIDid:94579
Trust: 1.4
db:JVNDBid:JVNDB-2016-006045
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-4022
Trust: 0.7
db:CNNVDid:CNNVD-201611-648
Trust: 0.7
db:VULHUBid:VHN-94584
Trust: 0.1
sources:
            
            
            ZDI: ZDI-16-618 // 
            
            
            
            VULHUB: VHN-94584 // 
            
            
            
            BID: 94579 // 
            
            
            
            JVNDB: JVNDB-2016-006045 // 
            
            
            
            CNNVD: CNNVD-201611-648 // 
            
            
            
            NVD: CVE-2016-5765

REFERENCES
url:http://support.attachmate.com/techdocs/1704.html
Trust: 2.7
url:http://www.securityfocus.com/bid/94579
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-618
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5765
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5765
Trust: 0.8
url:http://www.merant.com/products/microfocus/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-16-618 // 
            
            
            
            VULHUB: VHN-94584 // 
            
            
            
            BID: 94579 // 
            
            
            
            JVNDB: JVNDB-2016-006045 // 
            
            
            
            CNNVD: CNNVD-201611-648 // 
            
            
            
            NVD: CVE-2016-5765

CREDITS
rgod
Trust: 0.7
sources:
            
            
            ZDI: ZDI-16-618

SOURCES
db:ZDIid:ZDI-16-618
db:VULHUBid:VHN-94584
db:BIDid:94579
db:JVNDBid:JVNDB-2016-006045
db:CNNVDid:CNNVD-201611-648
db:NVDid:CVE-2016-5765

LAST UPDATE DATE
2025-04-13T23:33:56.016000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-16-618date:2016-12-13T00:00:00
db:VULHUBid:VHN-94584date:2016-12-24T00:00:00
db:BIDid:94579date:2016-12-20T00:04:00
db:JVNDBid:JVNDB-2016-006045date:2016-12-01T00:00:00
db:CNNVDid:CNNVD-201611-648date:2016-11-30T00:00:00
db:NVDid:CVE-2016-5765date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:ZDIid:ZDI-16-618date:2016-12-13T00:00:00
db:VULHUBid:VHN-94584date:2016-11-29T00:00:00
db:BIDid:94579date:2016-11-29T00:00:00
db:JVNDBid:JVNDB-2016-006045date:2016-12-01T00:00:00
db:CNNVDid:CNNVD-201611-648date:2016-11-30T00:00:00
db:NVDid:CVE-2016-5765date:2016-11-29T11:59:00.177