Rewterz Threat Alert – ‘Confucius’ APT group Targeting Pakistan
February 9, 2021Rewterz Threat Advisory – Microsoft Windows TCP/IP code execution
February 10, 2021Rewterz Threat Alert – ‘Confucius’ APT group Targeting Pakistan
February 9, 2021Rewterz Threat Advisory – Microsoft Windows TCP/IP code execution
February 10, 2021Severity
High
Analysis Summary
CVE-2020-13924
Apache Ambari could allow a remote attacker to traverse directories on the system, caused by improper validation of file names. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to download arbitrary files on the system.
Impact
Information Disclosure
Affected Vendors
Apache
Affected Products
Apache Ambari 2.6.0
Remediation
Upgrade to the latest version of Ambari.