Lucene search

[email protected]CVE-2008-2575

HistoryJun 06, 2008 - 10:32 p.m.

CVE-2008-2575

2008-06-0622:32:00

CWE-78

[email protected]

web.nvd.nist.gov

cve-2008-2575

cbrpager

remote execution

archive filename

vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.056 Low

EPSS

Percentile

93.3%

JSON

cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.

Affected configurations

NVD

Node

jcoppenscbrpagerRange<0.9.17

Node

fedoraprojectfedoraMatch7

fedoraprojectfedoraMatch8

fedoraprojectfedoraMatch9

CPENameOperatorVersion
jcoppens:cbrpagerjcoppens cbrpagerlt0.9.17

CPE	Name	Operator	Version
jcoppens:cbrpager	jcoppens cbrpager	lt	0.9.17

References

cvs.fedoraproject.org/viewcvs/rpms/cbrpager/devel/cbrpager-0.9.16-filen-shell-escaping.patch?rev=1.2

secunia.com/advisories/30417

secunia.com/advisories/30438

secunia.com/advisories/30701

security.gentoo.org/glsa/glsa-200806-05.xml

sourceforge.net/forum/forum.php?forum_id=827120

sourceforge.net/project/shownotes.php?release_id=601538&group_id=119647

www.jcoppens.com/soft/cbrpager/log.en.php

www.vupen.com/english/advisories/2008/1693/references

bugzilla.redhat.com/show_bug.cgi?id=448285

exchange.xforce.ibmcloud.com/vulnerabilities/42741

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.056 Low

EPSS

Percentile

93.3%

JSON

Related for CVE-2008-2575

openvas2 gentoo1 nvd1 securityvulns2 debiancve1 cvelist1 ubuntucve1 prion1 nessus1