| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2013-0629 | Adobe ColdFusion Directory Traversal Vulnerability | secondary_impact | T1005 | Data from Local System |
Comments
This is an exploitation of a public-facing server due to password misconfiguration. Exploitation allows attackers to access restricted directories
References
|
| CVE-2013-0629 | Adobe ColdFusion Directory Traversal Vulnerability | primary_impact | T1202 | Indirect Command Execution |
Comments
This is an exploitation of a public-facing server due to password misconfiguration. Exploitation allows attackers to access restricted directories
References
|
| CVE-2018-13379 | Fortinet FortiOS SSL VPN Path Traversal Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This is a path traversal vulnerability that allows adversary to download system files through specially-crafted HTTP requests.
References
|
| CVE-2021-42013 | Apache HTTP Server Path Traversal Vulnerability | exploitation_technique | T1210 | Exploitation of Remote Services |
Comments
CVE-2021-42013 was introduced as the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50. CVE-2021-42013 is a path traversal vulnerability in Apache HTTP Server 2.4.49 that allows an attacker to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied," these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution.
References
|
| CVE-2021-42013 | Apache HTTP Server Path Traversal Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2021-42013 was introduced as the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50. CVE-2021-42013 is a path traversal vulnerability in Apache HTTP Server 2.4.49 that allows an attacker to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied," these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution.
References
|
| CVE-2021-41773 | Apache HTTP Server Path Traversal Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server 2.4.49 that allows an attacker to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied," these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution.
References
|
| CVE-2021-41773 | Apache HTTP Server Path Traversal Vulnerability | exploitation_technique | T1210 | Exploitation of Remote Services |
Comments
CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server 2.4.49 that allows an attacker to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied," these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution.
References
|
| CVE-2020-3452 | Cisco ASA and FTD Read-Only Path Traversal Vulnerability | primary_impact | T1005 | Data from Local System |
Comments
CVE-2020-3452 is a vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system.
References
|
| CVE-2020-3452 | Cisco ASA and FTD Read-Only Path Traversal Vulnerability | exploitation_technique | T1202 | Indirect Command Execution |
Comments
CVE-2020-3452 is a vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system.
References
|
| CVE-2019-3398 | Atlassian Confluence Server and Data Center Path Traversal Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2019-3398 is a path traversal vulnerability in Atlassian Confluence Server and Data Center that allows an authenticated attacker to write files to arbitrary locations, potentially leading to remote code execution
References
|
| CVE-2019-3398 | Atlassian Confluence Server and Data Center Path Traversal Vulnerability | exploitation_technique | T1202 | Indirect Command Execution |
Comments
CVE-2019-3398 is a path traversal vulnerability in Atlassian Confluence Server and Data Center that allows an authenticated attacker to write files to arbitrary locations, potentially leading to remote code execution
References
|
| CVE-2010-2861 | Adobe ColdFusion Directory Traversal Vulnerability | secondary_impact | T1119 | Automated Collection |
Comments
This is the exploitation of a public facing server. In-the-wild reporting documents that exploitation of this vulnerability was used to install a webshell on the victim machine, and then captured and exfiltrated client credit card information.
References
|
| CVE-2010-2861 | Adobe ColdFusion Directory Traversal Vulnerability | primary_impact | T1105 | Ingress Tool Transfer |
Comments
This is the exploitation of a public facing server. In-the-wild reporting documents that exploitation of this vulnerability was used to install a webshell on the victim machine, and then captured and exfiltrated client credit card information.
References
|
| CVE-2010-2861 | Adobe ColdFusion Directory Traversal Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This is the exploitation of a public facing server. In-the-wild reporting documents that exploitation of this vulnerability was used to install a webshell on the victim machine, and then captured and exfiltrated client credit card information.
References
|
| CVE-2013-0629 | Adobe ColdFusion Directory Traversal Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This is an exploitation of a public-facing server due to password misconfiguration. Exploitation allows attackers to access restricted directories.
References
|
| CVE-2022-41328 | Fortinet FortiOS Path Traversal Vulnerability | secondary_impact | T1049 | System Network Connections Discovery |
Comments
CVE-2022-41328 is a path traversal vulnerability that allows a privileged attacked to read and write to files on the underlying Linux system via crafted CLI commands. Adversaries have been observed modifying files that establish persistence upon boot. The malicious files provide the adversaries with the capabilities of: data exfiltration, download/write files, remote shell, and discovery of network connections.
References
|
| CVE-2022-41328 | Fortinet FortiOS Path Traversal Vulnerability | secondary_impact | T1565.001 | Stored Data Manipulation |
Comments
CVE-2022-41328 is a path traversal vulnerability that allows a privileged attacked to read and write to files on the underlying Linux system via crafted CLI commands. Adversaries have been observed modifying files that establish persistence upon boot. The malicious files provide the adversaries with the capabilities of: data exfiltration, download/write files, remote shell, and discovery of network connections.
References
|
| CVE-2022-41328 | Fortinet FortiOS Path Traversal Vulnerability | primary_impact | T1037 | Boot or Logon Initialization Scripts |
Comments
CVE-2022-41328 is a path traversal vulnerability that allows a privileged attacked to read and write to files on the underlying Linux system via crafted CLI commands. Adversaries have been observed modifying files that establish persistence upon boot. The malicious files provide the adversaries with the capabilities of: data exfiltration, download/write files, remote shell, and discovery of network connections.
References
|
| CVE-2022-41328 | Fortinet FortiOS Path Traversal Vulnerability | exploitation_technique | T1574 | Hijack Execution Flow |
Comments
CVE-2022-41328 is a path traversal vulnerability that allows a privileged attacked to read and write to files on the underlying Linux system via crafted CLI commands. Adversaries have been observed modifying files that establish persistence upon boot. The malicious files provide the adversaries with the capabilities of: data exfiltration, download/write files, remote shell, and discovery of network connections.
References
|
| CVE-2023-35081 | Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This vulnerability is exploited through a path traversal flaw in Ivanti EPMM. Attackers initiate this vulnerability by leveraging authenticated administrative access to remotely write arbitrary files onto the server. This enables them to deploy additional payloads, potentially granting further access and compromising the system.
References
|
| CVE-2023-35081 | Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This vulnerability is exploited through a path traversal flaw in Ivanti EPMM. Attackers initiate this vulnerability by leveraging authenticated administrative access to remotely write arbitrary files onto the server. This enables them to deploy additional payloads, potentially granting further access and compromising the system. This vulnerability is often used in conjunction with CVE-2023-35078 (along with others) that provides unauthenticated access, enhancing the attack's capabilities. It has been actively exploited, impacting victims by leveraging both vulnerabilities together.
References
|
| CVE-2023-32315 | Ignite Realtime Openfire Path Traversal Vulnerability | secondary_impact | T1496 | Resource Hijacking |
Comments
CVE-2023-32315 is a path traversal bug in Openfire's administrative console that could be leveraged for remote code execution. Public reports have indicated that threat actors were exploiting this vulnerability to gain access to the Openfire plugins interface to create new admin console user accounts, install a malicious plugin, and gain access to a webshell.
References
|
| CVE-2023-32315 | Ignite Realtime Openfire Path Traversal Vulnerability | secondary_impact | T1087.002 | Domain Account |
Comments
CVE-2023-32315 is a path traversal bug in Openfire's administrative console that could be leveraged for remote code execution. Public reports have indicated that threat actors were exploiting this vulnerability to gain access to the Openfire plugins interface to create new admin console user accounts, install a malicious plugin, and gain access to a webshell.
References
|
| CVE-2023-32315 | Ignite Realtime Openfire Path Traversal Vulnerability | primary_impact | T1505.003 | Web Shell |
Comments
CVE-2023-32315 is a path traversal bug in Openfire's administrative console that could be leveraged for remote code execution. Public reports have indicated that threat actors were exploiting this vulnerability to gain access to the Openfire plugins interface to create new admin console user accounts, install a malicious plugin, and gain access to a webshell.
References
|
| CVE-2023-32315 | Ignite Realtime Openfire Path Traversal Vulnerability | exploitation_technique | T1202 | Indirect Command Execution |
Comments
CVE-2023-32315 is a path traversal bug in Openfire's administrative console that could be leveraged for remote code execution. Public reports have indicated that threat actors were exploiting this vulnerability to gain access to the Openfire plugins interface to create new admin console user accounts, install a malicious plugin, and gain access to a webshell.
References
|