QwikSec

Security Database

CVE

CWE

Training

CVE-2015-7677

Published: Feb 10, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20160127 Multiple security issues in MOVEit Managed File Transfer application

mailing-list

x_refsource_FULLDISC

http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf

x_refsource_CONFIRM

http://packetstormsecurity.com/files/135459/Ipswitch-MOVEit-DMZ-8.1-File-ID-Enumeration.html

x_refsource_MISC

https://www.profundis-labs.com/advisories/CVE-2015-7677.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.