CVE-2004-0235

2004-08-1804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

lha

directory traversal

vulnerability

file creation

nvd

cve-2004-0235

6.5 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

79.1%

JSON

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) … sequences or (2) absolute pathnames with double leading slashes (“//absolute/path”).

CPENameOperatorVersion
clearswift:mailsweeperclearswift mailsweepereq4.3
clearswift:mailsweeperclearswift mailsweepereq4.3.6
f-secure:f-secure_anti-virusf-secure f-secure anti-viruseq5.42
clearswift:mailsweeperclearswift mailsweepereq4.0
tsugio_okamoto:lhatsugio okamoto lhaeq1.17
f-secure:f-secure_anti-virusf-secure f-secure anti-viruseq5.41
f-secure:internet_gatekeeperf-secure internet gatekeepereq6.32
f-secure:f-secure_internet_securityf-secure f-secure internet securityeq2003
sgi:propacksgi propackeq3.0
rarlab:winrarrarlab winrareq3.20

CPE	Name	Operator	Version
clearswift:mailsweeper	clearswift mailsweeper	eq	4.3
clearswift:mailsweeper	clearswift mailsweeper	eq	4.3.6
f-secure:f-secure_anti-virus	f-secure f-secure anti-virus	eq	5.42
clearswift:mailsweeper	clearswift mailsweeper	eq	4.0
tsugio_okamoto:lha	tsugio okamoto lha	eq	1.17
f-secure:f-secure_anti-virus	f-secure f-secure anti-virus	eq	5.41
f-secure:internet_gatekeeper	f-secure internet gatekeeper	eq	6.32
f-secure:f-secure_internet_security	f-secure f-secure internet security	eq	2003
sgi:propack	sgi propack	eq	3.0
rarlab:winrar	rarlab winrar	eq	3.20