Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2007-2836HistoryJul 02, 2007 - 7:30 p.m.
CVE-2007-2836
2007-07-0219:30:00
Debian Security Bug Tracker
security-tracker.debian.org
8
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS
0.023
Percentile
89.8%
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | hiki | < 0.8.7-1 | hiki_0.8.7-1_all.deb |
| Debian | 11 | all | hiki | < 0.8.7-1 | hiki_0.8.7-1_all.deb |
| Debian | 999 | all | hiki | < 0.8.7-1 | hiki_0.8.7-1_all.deb |
Related
debian
debian
[SECURITY] [DSA 1324-1] New hiki packages fix missing input sanitising
2007-06-28 21:04:32
osv
osv
hiki
2007-06-28 00:00:00
prion
prion
Directory traversal
2007-07-02 19:30:00
Design/Logic Flaw
2007-06-26 17:30:00
cvelist
cvelist
CVE-2007-2836
2007-07-02 19:00:00
nvd
nvd
CVE-2007-2836
2007-07-02 19:30:00
CVE-2007-3395
2007-06-26 17:30:00
nessus
nessus
Debian DSA-1324-1 : hiki - missing input sanitising
2007-07-01 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1324-1)
2023-03-08 00:00:00
cve
cve
CVE-2007-2836
2007-07-02 19:30:00
CVE-2007-3395
2007-06-26 17:30:00
ubuntucve
ubuntucve
CVE-2007-2836
2007-07-02 00:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS
0.023
Percentile
89.8%
Related for DEBIANCVE:CVE-2007-2836