CVE-2016-5840

{"id": "CVE-2016-5840", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2016-06-30T16:59:11.120", "references": [{"url": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://jvn.jp/en/jp/JVN55428526/index.html", "source": "cve@mitre.org"}, {"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html", "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-373", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/40180/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header."}, {"lang": "es", "value": "hotfix_upload.cgi en Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81) y 3.8 SP2 (3.82) permite a administradores remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de metacaracteres de shell en el par\u00e1metro filename de la cabecera Content-Disposition."}], "lastModified": "2016-11-28T20:29:49.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33F53CCB-420B-4E6E-AB8B-F23626791BAB"}, {"criteria": "cpe:2.3:a:trend_micro:deep_discovery_inspector:3.81:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89EACE78-F8FD-49D9-8D4D-BB5A6DEDC0D1"}, {"criteria": "cpe:2.3:a:trend_micro:deep_discovery_inspector:3.82:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C4B030B-3019-49A5-8DF9-88C94336F93F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}