Lucene search

[email protected]CVE-2007-2285

HistoryApr 26, 2007 - 7:19 p.m.

CVE-2007-2285

2007-04-2619:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2285

directory traversal

jack slocum ext 1.0 alpha1

ext js

feed-proxy.php

remote attackers

6.9 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.03 Low

EPSS

Percentile

90.7%

JSON

Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a … (dot dot) in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might be platform dependent.

CPENameOperatorVersion
jack_slocum:ext_jsjack slocum ext jseq1.0_alpha1

CPE	Name	Operator	Version
jack_slocum:ext_js	jack slocum ext js	eq	1.0_alpha1

References

attrition.org/pipermail/vim/2007-April/001545.html

attrition.org/pipermail/vim/2007-April/001546.html

attrition.org/pipermail/vim/2007-April/001549.html

osvdb.org/35561

www.securityfocus.com/bid/23643

exchange.xforce.ibmcloud.com/vulnerabilities/33864

www.exploit-db.com/exploits/3800

6.9 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.03 Low

EPSS

Percentile

90.7%

JSON

Related for CVE-2007-2285

prion1 f51