Lucene search

[email protected]CVE-2008-0758

HistoryFeb 13, 2008 - 9:00 p.m.

CVE-2008-0758

2008-02-1321:00:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-0758

zidget

http

directory traversal

vulnerability

extremez-ip

file and print server

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.0%

JSON

Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allow remote attackers to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "…" (dot dot backslash) sequence in the filename.

Affected configurations

NVD

Node

group_logicextremez-ip_file_serverRange≤5.1.2

group_logicextremez-ip_print_serverRange≤5.1.2

CPENameOperatorVersion
group_logic:extremez-ip_file_servergroup logic extremez-ip file serverle5.1.2
group_logic:extremez-ip_print_servergroup logic extremez-ip print serverle5.1.2

CPE	Name	Operator	Version
group_logic:extremez-ip_file_server	group logic extremez-ip file server	le	5.1.2
group_logic:extremez-ip_print_server	group logic extremez-ip print server	le	5.1.2

References

aluigi.altervista.org/adv/ezipirla-adv.txt

aluigi.org/poc/ezipirla.zip

secunia.com/advisories/28862

www.grouplogic.com/files/ez/hot/hotFix51.cfm

www.securityfocus.com/archive/1/487952/100/0/threaded

www.securityfocus.com/bid/27718

www.vupen.com/english/advisories/2008/0485

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.0%

JSON

Related for CVE-2008-0758

prion1 cvelist1 nvd1 nessus1