Lucene search

MitreCVE-2005-3251

HistoryOct 17, 2005 - 8:06 p.m.

CVE-2005-3251

2005-10-1720:06:00

mitre

web.nvd.nist.gov

cve-2005-3251

directory traversal

gallery 2.0

remote code execution

security vulnerability

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.014

Percentile

86.5%

JSON

Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via “…” sequences in the g2_itemId parameter.

Affected configurations

Nvd

Node

gallery_projectgalleryMatch2.0

gallery_projectgalleryMatch2.0_alpha1

gallery_projectgalleryMatch2.0_alpha2

gallery_projectgalleryMatch2.0_alpha3

gallery_projectgalleryMatch2.0_alpha4

gallery_projectgalleryMatch2.0_beta1

gallery_projectgalleryMatch2.0_beta2

gallery_projectgalleryMatch2.0_beta3

VendorProductVersionCPE
gallery_projectgallery2.0cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*
gallery_projectgallery2.0_alpha1cpe:2.3:a:gallery_project:gallery:2.0_alpha1:*:*:*:*:*:*:*
gallery_projectgallery2.0_alpha2cpe:2.3:a:gallery_project:gallery:2.0_alpha2:*:*:*:*:*:*:*
gallery_projectgallery2.0_alpha3cpe:2.3:a:gallery_project:gallery:2.0_alpha3:*:*:*:*:*:*:*
gallery_projectgallery2.0_alpha4cpe:2.3:a:gallery_project:gallery:2.0_alpha4:*:*:*:*:*:*:*
gallery_projectgallery2.0_beta1cpe:2.3:a:gallery_project:gallery:2.0_beta1:*:*:*:*:*:*:*
gallery_projectgallery2.0_beta2cpe:2.3:a:gallery_project:gallery:2.0_beta2:*:*:*:*:*:*:*
gallery_projectgallery2.0_beta3cpe:2.3:a:gallery_project:gallery:2.0_beta3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gallery_project	gallery	2.0	cpe:2.3:a:gallery_project:gallery:2.0:::::::*
gallery_project	gallery	2.0_alpha1	cpe:2.3:a:gallery_project:gallery:2.0_alpha1:::::::*
gallery_project	gallery	2.0_alpha2	cpe:2.3:a:gallery_project:gallery:2.0_alpha2:::::::*
gallery_project	gallery	2.0_alpha3	cpe:2.3:a:gallery_project:gallery:2.0_alpha3:::::::*
gallery_project	gallery	2.0_alpha4	cpe:2.3:a:gallery_project:gallery:2.0_alpha4:::::::*
gallery_project	gallery	2.0_beta1	cpe:2.3:a:gallery_project:gallery:2.0_beta1:::::::*
gallery_project	gallery	2.0_beta2	cpe:2.3:a:gallery_project:gallery:2.0_beta2:::::::*
gallery_project	gallery	2.0_beta3	cpe:2.3:a:gallery_project:gallery:2.0_beta3:::::::*

References

dipper.info/security/20051012/

gallery.menalto.com/gallery_2.0.1_released

secunia.com/advisories/17205

securityreason.com/securityalert/88

www.vuxml.org/freebsd/47bdabcf-3cf9-11da-baa2-0004614cc33d.html

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.014

Percentile

86.5%

JSON

Related for CVE-2005-3251