Lucene search

[email protected]CVE-2007-5706

HistoryOct 29, 2007 - 10:46 p.m.

CVE-2007-5706

2007-10-2922:46:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2007-5706

absolute path traversal

download.php

jeebles directory 2.9.60

information security

vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.043 Low

EPSS

Percentile

92.4%

JSON

Absolute path traversal vulnerability in download.php in Jeebles Directory 2.9.60 allows remote attackers to read arbitrary files via a full pathname in the query string. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

jeeblestechnologyjeebles_directoryMatch2.9.60

CPENameOperatorVersion
jeeblestechnology:jeebles_directoryjeeblestechnology jeebles directoryeq2.9.60

CPE	Name	Operator	Version
jeeblestechnology:jeebles_directory	jeeblestechnology jeebles directory	eq	2.9.60

References

secunia.com/advisories/27345

securityreason.com/securityalert/3315

www.securityfocus.com/archive/1/482612/100/0/threaded

www.securityfocus.com/bid/26171

exchange.xforce.ibmcloud.com/vulnerabilities/37378

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.043 Low

EPSS

Percentile

92.4%

JSON

Related for CVE-2007-5706

nvd1 prion1 cvelist1