Lucene search
HistoryAug 28, 2013 - 1:09 p.m.
CVE-2013-3590
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.02
Percentile
89.0%
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.
Affected configurations
Node
searchbloxsearchbloxRange≤7.5
ORsearchbloxsearchbloxMatch6.2build_1
ORsearchbloxsearchbloxMatch6.3build_1
ORsearchbloxsearchbloxMatch6.4build_1
ORsearchbloxsearchbloxMatch6.4build_2
ORsearchbloxsearchbloxMatch7.0
ORsearchbloxsearchbloxMatch7.1
ORsearchbloxsearchbloxMatch7.2
ORsearchbloxsearchbloxMatch7.3
ORsearchbloxsearchbloxMatch7.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| searchblox | searchblox | * | cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:* |
| searchblox | searchblox | 6.2 | cpe:2.3:a:searchblox:searchblox:6.2:build_1:*:*:*:*:*:* |
| searchblox | searchblox | 6.3 | cpe:2.3:a:searchblox:searchblox:6.3:build_1:*:*:*:*:*:* |
| searchblox | searchblox | 6.4 | cpe:2.3:a:searchblox:searchblox:6.4:build_1:*:*:*:*:*:* |
| searchblox | searchblox | 6.4 | cpe:2.3:a:searchblox:searchblox:6.4:build_2:*:*:*:*:*:* |
| searchblox | searchblox | 7.0 | cpe:2.3:a:searchblox:searchblox:7.0:*:*:*:*:*:*:* |
| searchblox | searchblox | 7.1 | cpe:2.3:a:searchblox:searchblox:7.1:*:*:*:*:*:*:* |
| searchblox | searchblox | 7.2 | cpe:2.3:a:searchblox:searchblox:7.2:*:*:*:*:*:*:* |
| searchblox | searchblox | 7.3 | cpe:2.3:a:searchblox:searchblox:7.3:*:*:*:*:*:*:* |
| searchblox | searchblox | 7.4 | cpe:2.3:a:searchblox:searchblox:7.4:*:*:*:*:*:*:* |
Related
prion
prion
Unrestricted file upload
2013-08-28 13:09:00
Unrestricted file upload
2015-04-18 02:00:00
cvelist
cvelist
CVE-2013-3590
2013-08-28 01:00:00
CVE-2015-0968
2015-04-18 01:00:00
cve
cve
CVE-2013-3590
2013-08-28 13:09:15
CVE-2015-0968
2015-04-18 02:00:05
nvd
nvd
CVE-2015-0968
2015-04-18 02:00:05
openvas
openvas
SearchBlox Multiple Vulnerabilities (Sep 2013)
2013-09-03 00:00:00
cert
cert
SearchBlox contains multiple vulnerabilities
2013-08-23 00:00:00
SearchBlox contains multiple vulnerabilities
2015-04-14 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.02
Percentile
89.0%
Related for NVD:CVE-2013-3590