CVE-2016-5840
Published Jun 30, 2016
Last updated 8 years ago
Overview
- Description: hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
- Source: cve@mitre.org
- NVD status: Modified
Risk scores
CVSS 3.0
- Type: Primary
- Base score: 7.2
- Impact score: 5.9
- Exploitability score: 1.2
- Vector string: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
CVSS 2.0
- Type: Primary
- Base score: 9
- Impact score: 10
- Exploitability score: 8
- Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov: CWE-20
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33F53CCB-420B-4E6E-AB8B-F23626791BAB" }, { "criteria": "cpe:2.3:a:trend_micro:deep_discovery_inspector:3.81:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89EACE78-F8FD-49D9-8D4D-BB5A6DEDC0D1" }, { "criteria": "cpe:2.3:a:trend_micro:deep_discovery_inspector:3.82:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C4B030B-3019-49A5-8DF9-88C94336F93F" } ], "operator": "OR" } ] } ]