Lucene search

[email protected]CVE-2009-4098

HistoryNov 29, 2009 - 1:08 p.m.

CVE-2009-4098

2009-11-2913:08:29

CWE-20

[email protected]

web.nvd.nist.gov

cve-2009-4098

nvd

file upload

vulnerability

openx adserver

arbitrary codeexecution

images directory

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.128 Low

EPSS

Percentile

95.5%

JSON

Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.

Affected configurations

NVD

Node

openxopenxRange≤2.8.1

openxopenxMatch2.4

openxopenxMatch2.6.1

openxopenxMatch2.6.3

openxopenxMatch2.8

CPENameOperatorVersion
openx:openxopenxle2.8.1
openx:openxopenxeq2.4
openx:openxopenxeq2.6.1
openx:openxopenxeq2.6.3
openx:openxopenxeq2.8

CPE	Name	Operator	Version
openx:openx	openx	le	2.8.1
openx:openx	openx	eq	2.4
openx:openx	openx	eq	2.6.1
openx:openx	openx	eq	2.6.3
openx:openx	openx	eq	2.8

References

osvdb.org/60499

secunia.com/advisories/37475

www.openx.org/docs/2.8/release-notes/openx-2.8.2

www.securityfocus.com/archive/1/508050/100/0/threaded

www.securityfocus.com/bid/37110

developer.openx.org/jira/browse/OX-5747

exchange.xforce.ibmcloud.com/vulnerabilities/54394

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.128 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2009-4098

nvd1 prion1 cvelist1 openvas2 packetstorm1