Arbitrary JSP File Execution via Directory Traversal in Micro Focus Novell Service Desk

Arbitrary JSP File Execution via Directory Traversal in Micro Focus Novell Service Desk

CVE-2016-1593 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.

Learn more about our User Device Pen Test.