CVE-2015-7677 (moveit_dmz)

Posted on 2016년 2월 11일2016년 2월 16일 by admin

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.
Source: CVE-2015-7677 (moveit_dmz)

답글 남기기 응답 취소