Lucene search

[email protected]CVE-2009-3447

HistorySep 29, 2009 - 3:30 p.m.

CVE-2009-3447

2009-09-2915:30:00

CWE-362

[email protected]

web.nvd.nist.gov

cve-2009-3447

unrestricted file upload

radactive i-load

remote code execution

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.6%

JSON

Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window.

Affected configurations

NVD

Node

radactivei-loadRange≤2008.2.4.0

radactivei-loadMatch1.6.3

radactivei-loadMatch1.6.3.1

radactivei-loadMatch1.6.3.2

radactivei-loadMatch1.6.3.3

radactivei-loadMatch1.7.0.0

radactivei-loadMatch1.7.0.1

radactivei-loadMatch1.7.0.2

radactivei-loadMatch1.7.0.3

radactivei-loadMatch1.7.0.4

radactivei-loadMatch1.7.0.5

radactivei-loadMatch1.7.0.6

radactivei-loadMatch1.7.0.7

radactivei-loadMatch1.7.0.8

radactivei-loadMatch1.7.0.9

radactivei-loadMatch1.7.0.10

radactivei-loadMatch1.7.0.11

radactivei-loadMatch1.7.0.12

radactivei-loadMatch1.7.5.0

radactivei-loadMatch1.7.5.1

radactivei-loadMatch1.7.5.2

radactivei-loadMatch1.7.6.0

radactivei-loadMatch1.7.6.1

radactivei-loadMatch1.7.7.0

radactivei-loadMatch1.7.7.1

radactivei-loadMatch1.7.7.2

radactivei-loadMatch1.7.7.3

radactivei-loadMatch1.7.7.4

radactivei-loadMatch1.7.7.5

radactivei-loadMatch1.7.7.6

radactivei-loadMatch1.7.7.8

radactivei-loadMatch1.7.7.9

radactivei-loadMatch1.7.7.11

radactivei-loadMatch2008.1.0.0

radactivei-loadMatch2008.1.0.1

radactivei-loadMatch2008.1.0.2

radactivei-loadMatch2008.1.1.0

radactivei-loadMatch2008.1.2.0

radactivei-loadMatch2008.1.2.1

radactivei-loadMatch2008.1.3.0

radactivei-loadMatch2008.2.1.0

radactivei-loadMatch2008.2.1.1

radactivei-loadMatch2008.2.2.0

radactivei-loadMatch2008.2.3.0

radactivei-loadMatch2008.2.3.1

radactivei-loadMatch2008.2.3.2

CPENameOperatorVersion
radactive:i-loadradactive i-loadle2008.2.4.0
radactive:i-loadradactive i-loadeq1.6.3
radactive:i-loadradactive i-loadeq1.6.3.1
radactive:i-loadradactive i-loadeq1.6.3.2
radactive:i-loadradactive i-loadeq1.6.3.3
radactive:i-loadradactive i-loadeq1.7.0.0
radactive:i-loadradactive i-loadeq1.7.0.1
radactive:i-loadradactive i-loadeq1.7.0.2
radactive:i-loadradactive i-loadeq1.7.0.3
radactive:i-loadradactive i-loadeq1.7.0.4

CPE	Name	Operator	Version
radactive:i-load	radactive i-load	le	2008.2.4.0
radactive:i-load	radactive i-load	eq	1.6.3
radactive:i-load	radactive i-load	eq	1.6.3.1
radactive:i-load	radactive i-load	eq	1.6.3.2
radactive:i-load	radactive i-load	eq	1.6.3.3
radactive:i-load	radactive i-load	eq	1.7.0.0
radactive:i-load	radactive i-load	eq	1.7.0.1
radactive:i-load	radactive i-load	eq	1.7.0.2
radactive:i-load	radactive i-load	eq	1.7.0.3
radactive:i-load	radactive i-load	eq	1.7.0.4

Rows per page:

1-10 of 461

References

radnet.radactive.com/forum/Default.aspx?g=posts&t=339

secunia.com/advisories/23807

www.osvdb.org/58197

www.securityfocus.com/archive/1/506555/100/0/threaded

www.sec-consult.com/files/20090917-0_RADactive_I-Load_Multiple_Vulnerabilities.txt

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.6%

JSON

Related for CVE-2009-3447

cvelist1 prion1 nvd1