Lucene search

CertccCVE-2013-3590

HistoryAug 28, 2013 - 1:09 p.m.

CVE-2013-3590

2013-08-2813:09:15

certcc

web.nvd.nist.gov

cve-2013-3590

unrestricted file upload

searchblox

security vulnerability

remote code execution

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

High

EPSS

0.02

Percentile

89.0%

JSON

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.

Affected configurations

Nvd

Node

searchbloxsearchbloxRange≤7.5

searchbloxsearchbloxMatch6.2build_1

searchbloxsearchbloxMatch6.3build_1

searchbloxsearchbloxMatch6.4build_1

searchbloxsearchbloxMatch6.4build_2

searchbloxsearchbloxMatch7.0

searchbloxsearchbloxMatch7.1

searchbloxsearchbloxMatch7.2

searchbloxsearchbloxMatch7.3

searchbloxsearchbloxMatch7.4

VendorProductVersionCPE
searchbloxsearchblox*cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*
searchbloxsearchblox6.2cpe:2.3:a:searchblox:searchblox:6.2:build_1:*:*:*:*:*:*
searchbloxsearchblox6.3cpe:2.3:a:searchblox:searchblox:6.3:build_1:*:*:*:*:*:*
searchbloxsearchblox6.4cpe:2.3:a:searchblox:searchblox:6.4:build_1:*:*:*:*:*:*
searchbloxsearchblox6.4cpe:2.3:a:searchblox:searchblox:6.4:build_2:*:*:*:*:*:*
searchbloxsearchblox7.0cpe:2.3:a:searchblox:searchblox:7.0:*:*:*:*:*:*:*
searchbloxsearchblox7.1cpe:2.3:a:searchblox:searchblox:7.1:*:*:*:*:*:*:*
searchbloxsearchblox7.2cpe:2.3:a:searchblox:searchblox:7.2:*:*:*:*:*:*:*
searchbloxsearchblox7.3cpe:2.3:a:searchblox:searchblox:7.3:*:*:*:*:*:*:*
searchbloxsearchblox7.4cpe:2.3:a:searchblox:searchblox:7.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
searchblox	searchblox	*	cpe:2.3:a:searchblox:searchblox::::::::
searchblox	searchblox	6.2	cpe:2.3:a:searchblox:searchblox:6.2:build_1::::::
searchblox	searchblox	6.3	cpe:2.3:a:searchblox:searchblox:6.3:build_1::::::
searchblox	searchblox	6.4	cpe:2.3:a:searchblox:searchblox:6.4:build_1::::::
searchblox	searchblox	6.4	cpe:2.3:a:searchblox:searchblox:6.4:build_2::::::
searchblox	searchblox	7.0	cpe:2.3:a:searchblox:searchblox:7.0:::::::*
searchblox	searchblox	7.1	cpe:2.3:a:searchblox:searchblox:7.1:::::::*
searchblox	searchblox	7.2	cpe:2.3:a:searchblox:searchblox:7.2:::::::*
searchblox	searchblox	7.3	cpe:2.3:a:searchblox:searchblox:7.3:::::::*
searchblox	searchblox	7.4	cpe:2.3:a:searchblox:searchblox:7.4:::::::*

References

buddhalabs.com/Advisories/WebAdvisories.html

www.kb.cert.org/vuls/id/592942

www.searchblox.com/developers-2/change-log

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

High

EPSS

0.02

Percentile

89.0%

JSON

Related for CVE-2013-3590