The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.

The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.
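
For the Eclipse Che build issue described above, a build step can refuse non-HTTPS sources and check every downloaded binary against a SHA-256 digest pinned in the build definition. The shell functions below are an added example, not code from Eclipse Che; the function names and any URLs passed to them are hypothetical.

```shell
#!/bin/sh
# Added example: gate for build-time downloads. Function names are
# hypothetical; nothing here is taken from the Eclipse Che build files.

# Succeeds only for https:// URLs, so a plain-HTTP source fails the build.
require_https() {
    case "$1" in
        https://*) return 0 ;;
        *) echo "refusing non-HTTPS source: $1" >&2; return 1 ;;
    esac
}

# Prints the lowercase SHA-256 hex digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Compares a file against a digest pinned in the build definition.
verify_pinned() {
    file=$1; expected=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    actual=$(sha256_of "$file") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
}

# Downloads url to dest, keeping it only if scheme and digest both check out.
fetch_pinned() {
    url=$1; expected=$2; dest=$3
    require_https "$url" || return 1
    tmp=$(mktemp) || return 1
    # --proto/--proto-redir also block a redirect down to plain HTTP.
    if curl --fail --silent --show-error --location \
            --proto '=https' --proto-redir '=https' -o "$tmp" "$url" \
       && verify_pinned "$tmp" "$expected"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

The pinned digest has to come from a trusted channel, such as the vendor's signed release notes, and be committed alongside the build file; a digest fetched from the same endpoint as the binary gives no protection against replacement in transit.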