Lucene search

MitreCVE-2005-2619

HistoryFeb 15, 2006 - 12:00 a.m.

CVE-2005-2619

2006-02-1500:00:00

CWE-22

mitre

web.nvd.nist.gov

cve-2005-2619

directory traversal

autonomy keyview sdk

verity

lotus notes

remote attack

file deletion

zip

uue

tar archive

security vulnerability

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

High

EPSS

0.029

Percentile

90.8%

JSON

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a … (dot dot) in the filename, which is not properly handled when generating a preview.

Affected configurations

Nvd

Node

autonomykeyview_export_sdk

autonomykeyview_filter_sdk

autonomykeyview_viewer_sdk

ibmlotus_notesMatch6.0.1

ibmlotus_notesMatch6.0.2

ibmlotus_notesMatch6.0.3

ibmlotus_notesMatch6.0.4

ibmlotus_notesMatch6.0.5

ibmlotus_notesMatch6.5

ibmlotus_notesMatch6.5.1

ibmlotus_notesMatch6.5.2

ibmlotus_notesMatch6.5.3

ibmlotus_notesMatch6.5.4

ibmlotus_notesMatch7.0

VendorProductVersionCPE
autonomykeyview_export_sdk*cpe:2.3:a:autonomy:keyview_export_sdk:*:*:*:*:*:*:*:*
autonomykeyview_filter_sdk*cpe:2.3:a:autonomy:keyview_filter_sdk:*:*:*:*:*:*:*:*
autonomykeyview_viewer_sdk*cpe:2.3:a:autonomy:keyview_viewer_sdk:*:*:*:*:*:*:*:*
ibmlotus_notes6.0.1cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*
ibmlotus_notes6.0.2cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*
ibmlotus_notes6.0.3cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*
ibmlotus_notes6.0.4cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*
ibmlotus_notes6.0.5cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*
ibmlotus_notes6.5cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
ibmlotus_notes6.5.1cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
autonomy	keyview_export_sdk	*	cpe:2.3:a:autonomy:keyview_export_sdk::::::::
autonomy	keyview_filter_sdk	*	cpe:2.3:a:autonomy:keyview_filter_sdk::::::::
autonomy	keyview_viewer_sdk	*	cpe:2.3:a:autonomy:keyview_viewer_sdk::::::::
ibm	lotus_notes	6.0.1	cpe:2.3:a:ibm:lotus_notes:6.0.1:::::::*
ibm	lotus_notes	6.0.2	cpe:2.3:a:ibm:lotus_notes:6.0.2:::::::*
ibm	lotus_notes	6.0.3	cpe:2.3:a:ibm:lotus_notes:6.0.3:::::::*
ibm	lotus_notes	6.0.4	cpe:2.3:a:ibm:lotus_notes:6.0.4:::::::*
ibm	lotus_notes	6.0.5	cpe:2.3:a:ibm:lotus_notes:6.0.5:::::::*
ibm	lotus_notes	6.5	cpe:2.3:a:ibm:lotus_notes:6.5:::::::*
ibm	lotus_notes	6.5.1	cpe:2.3:a:ibm:lotus_notes:6.5.1:::::::*

Rows per page:

1-10 of 141

References

secunia.com/advisories/16100

secunia.com/advisories/16280

secunia.com/secunia_research/2005-30/advisory/

secunia.com/secunia_research/2005-66/advisory/

securitytracker.com/id?1015657

www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918

www.osvdb.org/23066

www.securityfocus.com/archive/1/424717/100/0/threaded

www.securityfocus.com/bid/16576

www.vupen.com/english/advisories/2006/0500

exchange.xforce.ibmcloud.com/vulnerabilities/24637

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

High

EPSS

0.029

Percentile

90.8%

JSON

Related for CVE-2005-2619