CVE-2018-0705

9.1 CRITICAL

📋 TL;DR

CVE-2018-0705 is a directory traversal vulnerability in Cybozu Dezie that allows remote attackers to read arbitrary files on the server via specially crafted HTTP requests. This affects organizations running vulnerable versions of Cybozu Dezie web application servers.

💻 Affected Systems

Products:
  • Cybozu Dezie
Versions: 8.0.2 to 8.1.2
Operating Systems: All platforms running Cybozu Dezie
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within the affected version range are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive files including configuration files, password files, database credentials, and other confidential data, potentially leading to complete system compromise.

🟠 Likely Case

Attackers exfiltrate sensitive configuration files and user data, enabling further attacks or data theft.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the application server's file system.

🌐 Internet-Facing: HIGH - The vulnerability is exploitable via HTTP requests, making internet-facing instances particularly vulnerable to automated scanning and exploitation.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable to insider threats or attackers who gain internal network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal vulnerabilities are typically easy to exploit with simple HTTP requests using ../ sequences.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.1.3 and later

Vendor Advisory: https://kb.cybozu.support/article/34089/

Restart Required: Yes

Instructions:

1. Download Cybozu Dezie version 8.1.3 or later from the Cybozu support portal.
2. Back up the current installation and data.
3. Stop the Dezie service.
4. Install the updated version.
5. Restart the service.
6. Verify the update was successful.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

Applies to: all

Configure WAF rules to block directory traversal patterns in HTTP requests

Network Segmentation

Applies to: all

Restrict network access to Cybozu Dezie instances to only trusted networks

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the Cybozu Dezie service
  • Deploy a web application firewall with rules specifically blocking directory traversal patterns

🔍 How to Verify

Check if Vulnerable:

Check if running Cybozu Dezie version 8.0.2 through 8.1.2. Attempt to access files outside web root using ../ sequences in URLs.

Check Version:

Check the Cybozu Dezie administration interface or installation directory for version information

Verify Fix Applied:

Verify Cybozu Dezie version is 8.1.3 or later. Test that directory traversal attempts no longer succeed.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing ../ sequences
  • Access to files outside normal web directories
  • Failed file access attempts with traversal patterns

Network Indicators:

  • HTTP requests with multiple ../ sequences in URL parameters or paths
  • Unusual file access patterns from external IPs

SIEM Query:

source="cybozu_dezie" AND (url="*../*" OR url="*..%2f*" OR url="*%2e%2e%2f*")
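A defender-side check for the log indicators above, written as an added example (it is not from this page or from Cybozu): it percent-decodes each request target until stable so the encoded forms in the SIEM query (%2e%2e%2f, and double-encoded %252e) collapse to plain ../, splits the path into segments, and flags only a genuine .. segment, which avoids matching file names that merely contain two dots. The access-log lines are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines for illustration; not real Dezie logs.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jul/2018:10:00:01 +0900] "GET /scripts/dezie/index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jul/2018:10:00:02 +0900] "GET /scripts/dezie/../../conf/app.ini HTTP/1.1" 200 2048',
    '10.0.0.9 - - [01/Jul/2018:10:00:03 +0900] "GET /scripts/dezie/%2e%2e%2f%2e%2e%2f%2e%2e%2fconf/db.ini HTTP/1.1" 404 230',
    '10.0.0.9 - - [01/Jul/2018:10:00:04 +0900] "GET /scripts/dezie/%252e%252e%252fconf/db.ini HTTP/1.1" 200 90',
    '10.0.0.7 - - [01/Jul/2018:10:00:05 +0900] "GET /scripts/dezie/docs/..report.pdf HTTP/1.1" 200 4096',
]
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
SEGMENT_SPLIT = re.compile(r'[\\/]+')  # both / and \ act as path separators

def fully_decode(target, max_rounds=3):
    """Percent-decode until stable, so double encoding (%252e) collapses to '.'."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def climbs_above_root(segments):
    """Simulate the directory walk; True if '..' ever pops past the URL root."""
    depth = 0
    for seg in segments:
        depth += -1 if seg == '..' else (seg not in ('', '.'))
        if depth < 0:
            return True
    return False

def check_request_target(target):
    """Reason string when the decoded path contains traversal, else None."""
    segments = SEGMENT_SPLIT.split(fully_decode(target.split('?', 1)[0]))
    if '..' not in segments:  # '..report.pdf' is a file name, not traversal
        return None
    if climbs_above_root(segments):
        return 'traversal climbs above URL root'
    return 'parent-directory segment in decoded path'

def scan_logs(lines):
    """Return (line_no, client_ip, decoded_target, reason) for flagged requests."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and (reason := check_request_target(m.group('target'))):
            hits.append((line_no, line.split()[0], fully_decode(m.group('target')), reason))
    return hits
```

Running scan_logs over SAMPLE_LOGS flags lines 2, 3 and 4 and leaves the ..report.pdf request alone, which a plain `*..*` wildcard would not.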
