CVE-2015-6459: Path Traversal
First published: Fri Sep 18 2015(Updated: )
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GE MDS PulseNET | <=3.1.3 | |
| GE MDS PulseNET | <=3.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6459?
CVE-2015-6459 is classified as a high-severity absolute path traversal vulnerability that affects GE Digital Energy MDS PulseNET.
How do I fix CVE-2015-6459?
To fix CVE-2015-6459, upgrade GE MDS PulseNET and MDS PulseNET Enterprise to version 3.1.5 or later.
Who is affected by CVE-2015-6459?
CVE-2015-6459 affects users of GE MDS PulseNET and MDS PulseNET Enterprise versions prior to 3.1.5.
What type of vulnerability is CVE-2015-6459?
CVE-2015-6459 is an absolute path traversal vulnerability that allows remote attackers to access or delete files.
What could an attacker do with CVE-2015-6459?
An attacker exploiting CVE-2015-6459 could read or delete arbitrary files on the server due to improper input validation.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/ge
- canonical/ge mds pulsenet
- version/ge mds pulsenet/3.1.3