Lucene search

[email protected]CVE-2008-2635

HistoryJun 10, 2008 - 12:32 a.m.

CVE-2008-2635

2008-06-1000:32:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-2635

directory traversal

bitkinex 2.9.3

ftp

webdav

code execution

nvd

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.8%

JSON

Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a … (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the BitKinex WebDAV client. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected configurations

NVD

Node

barad_durbitkinexMatch2.9.3

CPENameOperatorVersion
barad_dur:bitkinexbarad dur bitkinexeq2.9.3

CPE	Name	Operator	Version
barad_dur:bitkinex	barad dur bitkinex	eq	2.9.3

References

secunia.com/advisories/30532

vuln.sg/bitkinex293-en.html

www.vupen.com/english/advisories/2008/1738/references

exchange.xforce.ibmcloud.com/vulnerabilities/42842

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.8%

JSON

Related for CVE-2008-2635

prion1 cvelist1 nvd1