Lucene search

[email protected]CVE-2010-2104

HistoryMay 27, 2010 - 10:30 p.m.

CVE-2010-2104

2010-05-2722:30:02

CWE-22

[email protected]

web.nvd.nist.gov

cve

2010

2104

orbit downloader

3.0.0.4

3.0.0.5

directory traversal

vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.2%

JSON

Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.

Affected configurations

NVD

Node

orbitdownloaderorbit_downloaderMatch3.0.0.4

orbitdownloaderorbit_downloaderMatch3.0.0.5

CPENameOperatorVersion
orbitdownloader:orbit_downloaderorbitdownloader orbit downloadereq3.0.0.4
orbitdownloader:orbit_downloaderorbitdownloader orbit downloadereq3.0.0.5

CPE	Name	Operator	Version
orbitdownloader:orbit_downloader	orbitdownloader orbit downloader	eq	3.0.0.4
orbitdownloader:orbit_downloader	orbitdownloader orbit downloader	eq	3.0.0.5

References

secunia.com/advisories/39527

secunia.com/secunia_research/2010-73/

www.securityfocus.com/archive/1/511348/100/100/threaded

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.2%

JSON

Related for CVE-2010-2104

openvas2 nvd1 cvelist1 prion1