Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi.
References
Link | Resource |
---|---|
http://code610.blogspot.com/2020/03/pentesting-zen-load-balancer-quick.html | Exploit Third Party Advisory |
https://github.com/c610/tmp/blob/master/zenload4patreons.zip | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-04-02T13:07:34
Updated: 2020-04-02T13:12:02
Reserved: 2020-04-02T00:00:00
Link: CVE-2020-11491
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-04-02T14:15:15.217
Modified: 2020-04-03T18:42:16.190
Link: CVE-2020-11491
JSON object: View
Redhat Information
No data.
CWE