What is CVE-2013-2068?

CVE-2013-2068 is a vulnerability in Redhat Cloudforms_management_engine, classified under Path Traversal. Published 2013-09-28.

Is CVE-2013-2068 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Redhat Cloudforms_management_engine

CVE-2013-2068

Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2)…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.785 (99.1th percentile) — read the EPSS interpretation.

Affected products

Redhat Cloudforms_management_engine — versions 5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

RHSA-2013:1206 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
30469 (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2013-2068?: CVE-2013-2068 is a vulnerability in Redhat Cloudforms_management_engine, classified under Path Traversal. Published 2013-09-28.
Is CVE-2013-2068 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.