Lucene search

[email protected]CVE-2008-2241

HistoryMay 21, 2008 - 1:24 p.m.

CVE-2008-2241

2008-05-2113:24:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-2241

directory traversal vulnerability

ca brightstor arcserve backup

remote attackers

code execution

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.25 Low

EPSS

Percentile

96.7%

JSON

Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.

CPENameOperatorVersion
ca:brightstor_arcserve_backupca brightstor arcserve backupeqr11.0
ca:brightstor_arcserve_backupca brightstor arcserve backupeq11.0
ca:business_protection_suiteca business protection suiteeq2.0
broadcom:brightstor_arcserve_backupbroadcom brightstor arcserve backupeq11.5
broadcom:brightstor_arcserve_backupbroadcom brightstor arcserve backupeq11.1
broadcom:server_protection_suitebroadcom server protection suiteeq2

CPE	Name	Operator	Version
ca:brightstor_arcserve_backup	ca brightstor arcserve backup	eq	r11.0
ca:brightstor_arcserve_backup	ca brightstor arcserve backup	eq	11.0
ca:business_protection_suite	ca business protection suite	eq	2.0
broadcom:brightstor_arcserve_backup	broadcom brightstor arcserve backup	eq	11.5
broadcom:brightstor_arcserve_backup	broadcom brightstor arcserve backup	eq	11.1
broadcom:server_protection_suite	broadcom server protection suite	eq	2

References

secunia.com/advisories/30300

www.securityfocus.com/archive/1/492266/100/0/threaded

www.securityfocus.com/archive/1/492274/100/0/threaded

www.securityfocus.com/bid/29283

www.securitytracker.com/id?1020043

www.vupen.com/english/advisories/2008/1573/references

www.zerodayinitiative.com/advisories/ZDI-08-027/

exchange.xforce.ibmcloud.com/vulnerabilities/42524

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.25 Low

EPSS

Percentile

96.7%

JSON

Related for CVE-2008-2241

zdi1 prion1 securityvulns3 nessus1 seebug1