Lucene search

MitreCVE-2008-1319

HistoryMar 13, 2008 - 2:44 p.m.

CVE-2008-1319

2008-03-1314:44:00

mitre

web.nvd.nist.gov

cve-2008-1319

versant object database

untrusted search path

vulnerability

command execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.022

Percentile

89.6%

JSON

Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field.

Affected configurations

Nvd

Node

versantversant_object_databaseRange≤7.0.1.3

versantversant_object_databaseMatch7.0.1

VendorProductVersionCPE
versantversant_object_database*cpe:2.3:a:versant:versant_object_database:*:*:*:*:*:*:*:*
versantversant_object_database7.0.1cpe:2.3:a:versant:versant_object_database:7.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
versant	versant_object_database	*	cpe:2.3:a:versant:versant_object_database::::::::
versant	versant_object_database	7.0.1	cpe:2.3:a:versant:versant_object_database:7.0.1:::::::*

References

aluigi.altervista.org/adv/versantcmd-adv.txt

marc.info/?l=bugtraq&m=120468784112145&w=2

secunia.com/advisories/29230

securityreason.com/securityalert/3738

www.securityfocus.com/archive/1/489139/100/0/threaded

www.securityfocus.com/bid/28097

www.vupen.com/english/advisories/2008/0764/references

exchange.xforce.ibmcloud.com/vulnerabilities/40997

www.exploit-db.com/exploits/5213

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.022

Percentile

89.6%

JSON

Related for CVE-2008-1319