CVE-2017-6527

Published: 09/03/2017 Updated: 16/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An issue exists in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated malicious user to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).

Vulnerable Product

dnatools dnalims 4-2015s13

Exploits

Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application
Advisory URL: www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/
Date published: Mar 08, 2017
Vendor: dnaTools, Inc
CVE IDs: [2017-6526, 2017-6527, 2017-6528, 2017-6529]
USCERT VU: 929263
Vulnerability Summaries
1) Improperly prote ...

This NSE script for Nmap exploits a directory traversal vulnerability in dnaTools dnaLIMS version 4-2015s13 ...

dnaLIMS DNA sequencing application suffers from an improperly protected web shell, a directory traversal, insecure password storage, session hijacking, cross site scripting, and improperly protected content vulnerabilities ...