CVE-2013-0136

2013-06-0114:21:05

CWE-22

certcc

web.nvd.nist.gov

mutiny

editdocument servlet

directory traversal

uploadpath

paths

newpath

delete

cut

copy

arbitrary programs

denial of service

cve-2013-0136

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.29

Percentile

96.9%

JSON

Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.

Affected configurations

Nvd

Node

mutinymutinyRange≤5.0-1.10

mutinymutinyMatch5.0-1.00

mutinymutiny_virtual_applianceMatch-

mutinymutiny_applianceMatch-

VendorProductVersionCPE
mutinymutiny*cpe:2.3:a:mutiny:mutiny:*:*:*:*:*:*:*:*
mutinymutiny5.0-1.00cpe:2.3:a:mutiny:mutiny:5.0-1.00:*:*:*:*:*:*:*
mutinymutiny_virtual_appliance-cpe:2.3:a:mutiny:mutiny_virtual_appliance:-:*:*:*:*:*:*:*
mutinymutiny_appliance-cpe:2.3:h:mutiny:mutiny_appliance:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mutiny	mutiny	*	cpe:2.3:a:mutiny:mutiny::::::::
mutiny	mutiny	5.0-1.00	cpe:2.3:a:mutiny:mutiny:5.0-1.00:::::::*
mutiny	mutiny_virtual_appliance	-	cpe:2.3:a:mutiny:mutiny_virtual_appliance:-:::::::*
mutiny	mutiny_appliance	-	cpe:2.3:h:mutiny:mutiny_appliance:-:::::::*