Rewterz Threat Advisory – CVE-2020-17532 – Apache ServiceComb code execution
January 22, 2021
Rewterz Threat Alert – Verified Phishing URLs
January 25, 2021Rewterz Threat Advisory – CVE-2020-17532 – Apache ServiceComb code execution
January 22, 2021Rewterz Threat Alert – Verified Phishing URLs
January 25, 2021Severity
High
Analysis Summary
CVE-2020-36193
Archive_Tar could allow a remote attacker to traverse directories on the system because it does not adequately check symbolic links. An attacker could send a specially crafted URL request to the Tar.php script containing “dot dot” sequences (/../) to modify arbitrary files on the system.
Impact
Information Disclosure
Affected Vendors
Drupal
Affected Products
Archive_Tar Archive_Tar 1.4.11
Remediation
Refer to vendor advisory for the complete list of affected products and their respective patches.