Lucene search

MitreCVE-2009-1678

HistoryMay 18, 2009 - 6:30 p.m.

CVE-2009-1678

2009-05-1818:30:01

CWE-22

mitre

web.nvd.nist.gov

cve

2009

1678

directory traversal

vulnerability

bitweaver

rss

php

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.008

Percentile

81.6%

JSON

Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a … (dot dot) in the version parameter to boards/boards_rss.php.

Affected configurations

Nvd

Node

bitweaverbitweaverRange≤2.6

bitweaverbitweaverMatch1.1

bitweaverbitweaverMatch1.1.1_beta

bitweaverbitweaverMatch1.2.1

bitweaverbitweaverMatch1.3

bitweaverbitweaverMatch1.3.1

bitweaverbitweaverMatch2.0.0

bitweaverbitweaverMatch2.0.2

bitweaverbitweaverMatch2.5

VendorProductVersionCPE
bitweaverbitweaver*cpe:2.3:a:bitweaver:bitweaver:*:*:*:*:*:*:*:*
bitweaverbitweaver1.1cpe:2.3:a:bitweaver:bitweaver:1.1:*:*:*:*:*:*:*
bitweaverbitweaver1.1.1_betacpe:2.3:a:bitweaver:bitweaver:1.1.1_beta:*:*:*:*:*:*:*
bitweaverbitweaver1.2.1cpe:2.3:a:bitweaver:bitweaver:1.2.1:*:*:*:*:*:*:*
bitweaverbitweaver1.3cpe:2.3:a:bitweaver:bitweaver:1.3:*:*:*:*:*:*:*
bitweaverbitweaver1.3.1cpe:2.3:a:bitweaver:bitweaver:1.3.1:*:*:*:*:*:*:*
bitweaverbitweaver2.0.0cpe:2.3:a:bitweaver:bitweaver:2.0.0:*:*:*:*:*:*:*
bitweaverbitweaver2.0.2cpe:2.3:a:bitweaver:bitweaver:2.0.2:*:*:*:*:*:*:*
bitweaverbitweaver2.5cpe:2.3:a:bitweaver:bitweaver:2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bitweaver	bitweaver	*	cpe:2.3:a:bitweaver:bitweaver::::::::
bitweaver	bitweaver	1.1	cpe:2.3:a:bitweaver:bitweaver:1.1:::::::*
bitweaver	bitweaver	1.1.1_beta	cpe:2.3:a:bitweaver:bitweaver:1.1.1_beta:::::::*
bitweaver	bitweaver	1.2.1	cpe:2.3:a:bitweaver:bitweaver:1.2.1:::::::*
bitweaver	bitweaver	1.3	cpe:2.3:a:bitweaver:bitweaver:1.3:::::::*
bitweaver	bitweaver	1.3.1	cpe:2.3:a:bitweaver:bitweaver:1.3.1:::::::*
bitweaver	bitweaver	2.0.0	cpe:2.3:a:bitweaver:bitweaver:2.0.0:::::::*
bitweaver	bitweaver	2.0.2	cpe:2.3:a:bitweaver:bitweaver:2.0.2:::::::*
bitweaver	bitweaver	2.5	cpe:2.3:a:bitweaver:bitweaver:2.5:::::::*

References

secunia.com/advisories/35057

www.securityfocus.com/archive/1/503435

www.securityfocus.com/bid/34910

www.exploit-db.com/exploits/8659

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.008

Percentile

81.6%

JSON

Related for CVE-2009-1678