CVE-2015-7677

CVE Database · CVE-2015-7677

CVE-2015-7677

· N/AModified

CVSS v3.1

N/A

EPSS

2.95%

Published

Feb 10, 2016

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.

Weaknesses (CWE)

CWE-200

Affected Products (1)

ipswitch · moveit_dmzvulnerable

References (8)

http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf

Vendor Advisory

http://packetstormsecurity.com/files/135459/Ipswitch-MOVEit-DMZ-8.1-File-ID-Enumeration.html

http://seclists.org/fulldisclosure/2016/Jan/95

https://www.profundis-labs.com/advisories/CVE-2015-7677.txt

http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf

Vendor Advisory

http://packetstormsecurity.com/files/135459/Ipswitch-MOVEit-DMZ-8.1-File-ID-Enumeration.html

http://seclists.org/fulldisclosure/2016/Jan/95

https://www.profundis-labs.com/advisories/CVE-2015-7677.txt

KEV Catalog EPSS Scores Vendors All CVEs