Lucene search

[email protected]CVE-2007-0389

HistoryJan 19, 2007 - 11:28 p.m.

CVE-2007-0389

2007-01-1923:28:00

[email protected]

web.nvd.nist.gov

cve-2007-0389

directory traversal

arsdigita community system

acs 3.4.10

aces 1.1

remote attackers

arbitrary file read

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

88.0%

JSON

Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.

Affected configurations

NVD

Node

arsdigitaarsdigita_community_education_solutionMatch1.1

arsdigitaarsdigita_community_systemRange≤3.4.10

CPENameOperatorVersion
arsdigita:arsdigita_community_education_solutionarsdigita arsdigita community education solutioneq1.1
arsdigita:arsdigita_community_systemarsdigita arsdigita community systemle3.4.10

CPE	Name	Operator	Version
arsdigita:arsdigita_community_education_solution	arsdigita arsdigita community education solution	eq	1.1
arsdigita:arsdigita_community_system	arsdigita arsdigita community system	le	3.4.10

References

osvdb.org/33552

www.securityfocus.com/archive/1/457318/100/0/threaded

www.securityfocus.com/bid/22121

www.vupen.com/english/advisories/2007/0286

exchange.xforce.ibmcloud.com/vulnerabilities/31613

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

88.0%

JSON

Related for CVE-2007-0389

nvd1 cvelist1 prion1 securityvulns1