ID
VAR-201705-4197
TITLE
Beijing Weifangtong Information Technology Co., Ltd. bunker fortress machine has S2-045 remote command execution vulnerability
Trust: 0.6
DESCRIPTION
Beijing Weifangtong Information Technology Co., Ltd. bunker fortress is a single point function that provides centralized identity authentication, centralized access authorization, centralized access management, centralized operation audit, and simplified operation and management required for remote operation and maintenance management. Beijing Weifangtong Information Technology Co., Ltd. bunker fortress based on Jakarta Multipart parser's file upload module captures the exception information when processing the file upload (multipart) request, and OGNL expression processing for the exception information. However, when the content-type is judged to be incorrect, an exception is thrown and the Content-Type attribute value is taken. The URL with OGNL expression can be carefully constructed to cause remote code execution.
Trust: 0.6
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | weifangtong information | model: | bunker fortress | scope: | eq | version: | 2.23 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | Beijing Weifangtong Information Technology Co., Ltd. bunker fortress machine has S2-045 remote command execution vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/91343 | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2017-03990 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2017-03990 |
LAST UPDATE DATE
2022-05-04T09:39:32.369000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-03990 | date: | 2017-09-28T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-03990 | date: | 2017-05-16T00:00:00 |