VAR-201611-0266
Vulnerability from variot - Updated: 2025-04-13 23:33Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14. Authentication is not required to exploit this vulnerability.The specific flaw exists within the PassThru resource. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of the current process. Multiple Micro Focus Products are prone to an directory-traversal vulnerability. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks. The following versions are affected: 12.3 prior to MSS 12.3.326, 12.2 prior to MSS 12.2.342; 12.1 prior to RSG 12.1.362; 12.3 prior to RWeb 12.3.312, 12.2 prior to RWeb 12.2.342, RWeb 12.1 before 12.1.362; ZFE 2.0.1.18 before 2.0.1, Reflection ZFE (ZFE) 2.0.0 before ZFE 2.0.0.52, ZFE 1.4.0 before 1.4.0.14
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "reflection zfe",
"scope": "eq",
"trust": 2.4,
"vendor": "microfocus",
"version": "2.0.1.18"
},
{
"_id": null,
"model": "reflection zfe",
"scope": "eq",
"trust": 2.4,
"vendor": "microfocus",
"version": "1.4.0.14"
},
{
"_id": null,
"model": "reflection zfe",
"scope": "eq",
"trust": 2.4,
"vendor": "microfocus",
"version": "2.0.0.52"
},
{
"_id": null,
"model": "reflection security gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "microfocus",
"version": "12.1"
},
{
"_id": null,
"model": "host access management and security server",
"scope": "eq",
"trust": 1.6,
"vendor": "microfocus",
"version": "12.3"
},
{
"_id": null,
"model": "reflection for the web",
"scope": "eq",
"trust": 1.6,
"vendor": "microfocus",
"version": "12.2"
},
{
"_id": null,
"model": "reflection for the web",
"scope": "eq",
"trust": 1.6,
"vendor": "microfocus",
"version": "12.3"
},
{
"_id": null,
"model": "host access management and security server",
"scope": "eq",
"trust": 1.6,
"vendor": "microfocus",
"version": "12.2"
},
{
"_id": null,
"model": "reflection for the web",
"scope": "eq",
"trust": 1.6,
"vendor": "microfocus",
"version": "12.1"
},
{
"_id": null,
"model": "host access management and security server",
"scope": "lt",
"trust": 0.8,
"vendor": "microfocus",
"version": "12.2"
},
{
"_id": null,
"model": "host access management and security server",
"scope": "eq",
"trust": 0.8,
"vendor": "microfocus",
"version": "12.2 build 342"
},
{
"_id": null,
"model": "reflection for the web",
"scope": "lt",
"trust": 0.8,
"vendor": "microfocus",
"version": "12.3"
},
{
"_id": null,
"model": "reflection for the web",
"scope": "eq",
"trust": 0.8,
"vendor": "microfocus",
"version": "12.3 build 312"
},
{
"_id": null,
"model": "reflection for the web",
"scope": "eq",
"trust": 0.8,
"vendor": "microfocus",
"version": "2014 r2 12.1 build 362"
},
{
"_id": null,
"model": "reflection security gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "microfocus",
"version": "2014 r2 12.1 build 362"
},
{
"_id": null,
"model": "reflection zfe",
"scope": "lt",
"trust": 0.8,
"vendor": "microfocus",
"version": "2.0.0"
},
{
"_id": null,
"model": "host access management and security server",
"scope": "eq",
"trust": 0.8,
"vendor": "microfocus",
"version": "12.3 build 326"
},
{
"_id": null,
"model": "reflection for the web",
"scope": "lt",
"trust": 0.8,
"vendor": "microfocus",
"version": "12.2"
},
{
"_id": null,
"model": "reflection for the web",
"scope": "lt",
"trust": 0.8,
"vendor": "microfocus",
"version": "12.1"
},
{
"_id": null,
"model": "reflection zfe",
"scope": "lt",
"trust": 0.8,
"vendor": "microfocus",
"version": "1.4.0"
},
{
"_id": null,
"model": "host access management and security server",
"scope": "lt",
"trust": 0.8,
"vendor": "microfocus",
"version": "12.3"
},
{
"_id": null,
"model": "reflection for the web",
"scope": "eq",
"trust": 0.8,
"vendor": "microfocus",
"version": "12.2 build 342"
},
{
"_id": null,
"model": "reflection security gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "microfocus",
"version": "12.1"
},
{
"_id": null,
"model": "reflection zfe",
"scope": "lt",
"trust": 0.8,
"vendor": "microfocus",
"version": "2.0.1"
},
{
"_id": null,
"model": "host access management and security server",
"scope": null,
"trust": 0.7,
"vendor": "attachmate",
"version": null
},
{
"_id": null,
"model": "focus reflection zfe",
"scope": "eq",
"trust": 0.3,
"vendor": "micro",
"version": "2.0.1"
},
{
"_id": null,
"model": "focus reflection zfe",
"scope": "eq",
"trust": 0.3,
"vendor": "micro",
"version": "2.0"
},
{
"_id": null,
"model": "focus reflection zfe",
"scope": "eq",
"trust": 0.3,
"vendor": "micro",
"version": "1.4"
},
{
"_id": null,
"model": "focus reflection security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "micro",
"version": "12.1"
},
{
"_id": null,
"model": "focus reflection for the web",
"scope": "eq",
"trust": 0.3,
"vendor": "micro",
"version": "12.3"
},
{
"_id": null,
"model": "focus reflection for the web",
"scope": "eq",
"trust": 0.3,
"vendor": "micro",
"version": "12.2"
},
{
"_id": null,
"model": "focus reflection for the web",
"scope": "eq",
"trust": 0.3,
"vendor": "micro",
"version": "12.1"
},
{
"_id": null,
"model": "focus host access management and security server",
"scope": "eq",
"trust": 0.3,
"vendor": "micro",
"version": "12.3"
},
{
"_id": null,
"model": "focus host access management and security server",
"scope": "eq",
"trust": 0.3,
"vendor": "micro",
"version": "12.2"
},
{
"_id": null,
"model": "focus reflection zfe",
"scope": "ne",
"trust": 0.3,
"vendor": "micro",
"version": "2.0.1.18"
},
{
"_id": null,
"model": "focus reflection zfe",
"scope": "ne",
"trust": 0.3,
"vendor": "micro",
"version": "2.0.0.52"
},
{
"_id": null,
"model": "focus reflection zfe",
"scope": "ne",
"trust": 0.3,
"vendor": "micro",
"version": "1.4.0.14"
},
{
"_id": null,
"model": "focus reflection security gateway build",
"scope": "ne",
"trust": 0.3,
"vendor": "micro",
"version": "12.1362"
},
{
"_id": null,
"model": "focus reflection for the web build",
"scope": "ne",
"trust": 0.3,
"vendor": "micro",
"version": "12.3312"
},
{
"_id": null,
"model": "focus reflection for the web build",
"scope": "ne",
"trust": 0.3,
"vendor": "micro",
"version": "12.2342"
},
{
"_id": null,
"model": "focus reflection for the web build",
"scope": "ne",
"trust": 0.3,
"vendor": "micro",
"version": "12.1362"
},
{
"_id": null,
"model": "focus host access management and security server build",
"scope": "ne",
"trust": 0.3,
"vendor": "micro",
"version": "12.3326"
},
{
"_id": null,
"model": "focus host access management and security server build",
"scope": "ne",
"trust": 0.3,
"vendor": "micro",
"version": "12.2342"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-618"
},
{
"db": "BID",
"id": "94579"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006045"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-648"
},
{
"db": "NVD",
"id": "CVE-2016-5765"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microfocus:host_access_management_and_security_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microfocus:reflection_for_the_web",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microfocus:reflection_security_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microfocus:reflection_zfe",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006045"
}
]
},
"credits": {
"_id": null,
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-618"
}
],
"trust": 0.7
},
"cve": "CVE-2016-5765",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-5765",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5765",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-94584",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-5765",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5765",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-5765",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2016-5765",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-648",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94584",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-618"
},
{
"db": "VULHUB",
"id": "VHN-94584"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006045"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-648"
},
{
"db": "NVD",
"id": "CVE-2016-5765"
}
]
},
"description": {
"_id": null,
"data": "Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14. Authentication is not required to exploit this vulnerability.The specific flaw exists within the PassThru resource. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of the current process. Multiple Micro Focus Products are prone to an directory-traversal vulnerability. \nRemote attackers can use specially crafted requests with directory-traversal sequences (\u0027../\u0027) to read arbitrary files in the context of the application. This may aid in further attacks. The following versions are affected: 12.3 prior to MSS 12.3.326, 12.2 prior to MSS 12.2.342; 12.1 prior to RSG 12.1.362; 12.3 prior to RWeb 12.3.312, 12.2 prior to RWeb 12.2.342, RWeb 12.1 before 12.1.362; ZFE 2.0.1.18 before 2.0.1, Reflection ZFE (ZFE) 2.0.0 before ZFE 2.0.0.52, ZFE 1.4.0 before 1.4.0.14",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5765"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006045"
},
{
"db": "ZDI",
"id": "ZDI-16-618"
},
{
"db": "BID",
"id": "94579"
},
{
"db": "VULHUB",
"id": "VHN-94584"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-5765",
"trust": 3.5
},
{
"db": "ZDI",
"id": "ZDI-16-618",
"trust": 1.8
},
{
"db": "BID",
"id": "94579",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006045",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4022",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201611-648",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94584",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-618"
},
{
"db": "VULHUB",
"id": "VHN-94584"
},
{
"db": "BID",
"id": "94579"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006045"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-648"
},
{
"db": "NVD",
"id": "CVE-2016-5765"
}
]
},
"id": "VAR-201611-0266",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94584"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:33:56.016000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Technical Note 1704",
"trust": 1.5,
"url": "http://support.attachmate.com/techdocs/1704.html"
},
{
"title": "Multiple Micro Focus Product information disclosure vulnerability repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65920"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-618"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006045"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-648"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94584"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006045"
},
{
"db": "NVD",
"id": "CVE-2016-5765"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.7,
"url": "http://support.attachmate.com/techdocs/1704.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/94579"
},
{
"trust": 1.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-618"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5765"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5765"
},
{
"trust": 0.3,
"url": "http://www.merant.com/products/microfocus/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-618"
},
{
"db": "VULHUB",
"id": "VHN-94584"
},
{
"db": "BID",
"id": "94579"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006045"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-648"
},
{
"db": "NVD",
"id": "CVE-2016-5765"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-16-618",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-94584",
"ident": null
},
{
"db": "BID",
"id": "94579",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006045",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201611-648",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-5765",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-12-13T00:00:00",
"db": "ZDI",
"id": "ZDI-16-618",
"ident": null
},
{
"date": "2016-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-94584",
"ident": null
},
{
"date": "2016-11-29T00:00:00",
"db": "BID",
"id": "94579",
"ident": null
},
{
"date": "2016-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006045",
"ident": null
},
{
"date": "2016-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-648",
"ident": null
},
{
"date": "2016-11-29T11:59:00.177000",
"db": "NVD",
"id": "CVE-2016-5765",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-12-13T00:00:00",
"db": "ZDI",
"id": "ZDI-16-618",
"ident": null
},
{
"date": "2016-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-94584",
"ident": null
},
{
"date": "2016-12-20T00:04:00",
"db": "BID",
"id": "94579",
"ident": null
},
{
"date": "2016-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006045",
"ident": null
},
{
"date": "2016-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-648",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5765",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-648"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural Micro Focus Vulnerability to read arbitrary files in the product management server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006045"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-648"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…