Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:DIR:CVE-2018-12999FILE-DEL
Severity	Minor
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Zoho ManageEngine Desktop Central Arbitrary File Deletion
Release Date	2018/09/25
Update Number	3102
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Zoho ManageEngine Desktop Central Arbitrary File Deletion

This signature detects arbitrary file deletion vulnerability in Zoho ManageEngine Desktop Central. Successful exploitation could result in the deletion of arbitrary files.

Extended Description

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.

Affected Products

Zohocorp manageengine_desktop_central 10.0.255

References

CVE: CVE-2018-12999

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Zoho ManageEngine Desktop Central Arbitrary File Deletion

Extended Description

Affected Products

References