Short Name |
HTTP:DIR:CVE-2018-12999FILE-DEL |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Zoho ManageEngine Desktop Central Arbitrary File Deletion |
Release Date |
2018/09/25 |
Update Number |
3102 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects arbitrary file deletion vulnerability in Zoho ManageEngine Desktop Central. Successful exploitation could result in the deletion of arbitrary files.
Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.