漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection
Vulnerability Description
A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter expressions to the log_filter endpoint using the filterStr parameter. This input is processed by a backend parser that permits execution of file expansion syntax, allowing the attacker to retrieve arbitrary system files via the log viewing interface.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Riverbed SteelHead VCX 信息泄露漏洞
Vulnerability Description
Riverbed SteelHead VCX是美国Riverbed公司的一个广域网优化软件。 Riverbed SteelHead VCX 9.6.0a版本存在安全漏洞,该漏洞源于日志过滤功能中的路径遍历问题,可能导致任意文件读取。
CVSS Information
N/A
Vulnerability Type
N/A