Lucene search

[email protected]CVE-2010-2627

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-2627

2022-10-0316:21:08

CWE-22

[email protected]

web.nvd.nist.gov

cve

2010

2627

directory traversal

vulnerabilities

refractor 2 engine

battlefield 2

battlefield 2142

remote servers

arbitrary files

urls

demodownloadurl

demoindexurl

custommapsurl

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON

Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "…" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.

Affected configurations

NVD

Node

eabattlefield_2Range≤2.1.50

eabattlefield_2142Range≤1.10.48.0

CPENameOperatorVersion
ea:battlefield_2ea battlefield 2le2.1.50
ea:battlefield_2142ea battlefield 2142le1.10.48.0

CPE	Name	Operator	Version
ea:battlefield_2	ea battlefield 2	le	2.1.50
ea:battlefield_2142	ea battlefield 2142	le	1.10.48.0

References

aluigi.altervista.org/adv/bf2urlz-adv.txt

osvdb.org/65863

secunia.com/advisories/40334

www.securityfocus.com/bid/41262

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON

Related for CVE-2010-2627

cvelist1 nvd1 prion1