Lucene search

MitreCVE-2008-0656

HistoryFeb 07, 2008 - 9:00 p.m.

CVE-2008-0656

2008-02-0721:00:00

CWE-20

mitre

web.nvd.nist.gov

cve-2008-0656

unrestricted file upload

emc documentum administrator

remote attackers

arbitrary files

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

High

EPSS

0.021

Percentile

89.4%

JSON

Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.

Affected configurations

Nvd

Node

emcdocumentum_administratorMatch4.2.8

emcdocumentum_administratorMatch5.2.5

emcdocumentum_administratorMatch5.2.5_sp2

emcdocumentum_administratorMatch5.3.0.313

emcdocumentum_webtopMatch5.2.5

emcdocumentum_webtopMatch5.2.5_sp2

emcdocumentum_webtopMatch5.3.0.317

VendorProductVersionCPE
emcdocumentum_administrator4.2.8cpe:2.3:a:emc:documentum_administrator:4.2.8:*:*:*:*:*:*:*
emcdocumentum_administrator5.2.5cpe:2.3:a:emc:documentum_administrator:5.2.5:*:*:*:*:*:*:*
emcdocumentum_administrator5.2.5_sp2cpe:2.3:a:emc:documentum_administrator:5.2.5_sp2:*:*:*:*:*:*:*
emcdocumentum_administrator5.3.0.313cpe:2.3:a:emc:documentum_administrator:5.3.0.313:*:*:*:*:*:*:*
emcdocumentum_webtop5.2.5cpe:2.3:a:emc:documentum_webtop:5.2.5:*:*:*:*:*:*:*
emcdocumentum_webtop5.2.5_sp2cpe:2.3:a:emc:documentum_webtop:5.2.5_sp2:*:*:*:*:*:*:*
emcdocumentum_webtop5.3.0.317cpe:2.3:a:emc:documentum_webtop:5.3.0.317:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_administrator	4.2.8	cpe:2.3:a:emc:documentum_administrator:4.2.8:::::::*
emc	documentum_administrator	5.2.5	cpe:2.3:a:emc:documentum_administrator:5.2.5:::::::*
emc	documentum_administrator	5.2.5_sp2	cpe:2.3:a:emc:documentum_administrator:5.2.5_sp2:::::::*
emc	documentum_administrator	5.3.0.313	cpe:2.3:a:emc:documentum_administrator:5.3.0.313:::::::*
emc	documentum_webtop	5.2.5	cpe:2.3:a:emc:documentum_webtop:5.2.5:::::::*
emc	documentum_webtop	5.2.5_sp2	cpe:2.3:a:emc:documentum_webtop:5.2.5_sp2:::::::*
emc	documentum_webtop	5.3.0.317	cpe:2.3:a:emc:documentum_webtop:5.3.0.317:::::::*

References

secunia.com/advisories/28810

securityreason.com/securityalert/3626

www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf

www.securityfocus.com/archive/1/487603/100/0/threaded

www.securityfocus.com/bid/27632

www.securitytracker.com/id?1019305

www.vupen.com/english/advisories/2008/0439

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

High

EPSS

0.021

Percentile

89.4%

JSON

Related for CVE-2008-0656