Lucene search

[email protected]CVE-2008-6522

HistoryMar 25, 2009 - 6:30 p.m.

CVE-2008-6522

2009-03-2518:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-6522

directory traversal

contentrender.class.php

terracotta

openterracotta

remote code execution

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.7%

JSON

Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a … (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php.

Affected configurations

NVD

Node

devraj_mukherjeeopenterracottaMatch0.6.1

CPENameOperatorVersion
devraj_mukherjee:openterracottadevraj mukherjee openterracottaeq0.6.1

CPE	Name	Operator	Version
devraj_mukherjee:openterracotta	devraj mukherjee openterracotta	eq	0.6.1

References

www.securityfocus.com/archive/1/490341/100/0/threaded

www.securityfocus.com/bid/28550

exchange.xforce.ibmcloud.com/vulnerabilities/41572

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.7%

JSON

Related for CVE-2008-6522

nvd1 prion1 cvelist1