OpenX Arbitrary File Upload Vulnerability Network Vulnerability

Summary

OpenX is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately validate user- supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation other attacks are also possible. The issue affects OpenX 2.8.1 and prior.

Solution

Reportedly, the vendor fixed this issue in OpenX 2.8.2. Symantec has not confirmed this information. Please contact the vendor for details.

References

http://www.securityfocus.com/archive/1/508050
http://www.securityfocus.com/bid/37110

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-4098

CVSS	Base Score: 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Apache Archiva Cross Site Request Forgery Vulnerability
aeNovo Database Content Disclosure Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
Apache Tomcat Login Constraints Security Bypass Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities