Lucene search

[email protected]CVE-2010-3306

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2010-3306

2022-10-0316:20:55

CWE-22

[email protected]

web.nvd.nist.gov

cve-2010-3306

directory traversal vulnerability

weborf

remote attackers

arbitrary files

uri

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.4%

JSON

Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via …%2f sequences in a URI.

Affected configurations

NVD

Node

salvo_g._tomaselliweborfRange≤0.12.2

salvo_g._tomaselliweborfMatch0.3

salvo_g._tomaselliweborfMatch0.4

salvo_g._tomaselliweborfMatch0.5

salvo_g._tomaselliweborfMatch0.6

salvo_g._tomaselliweborfMatch0.7

salvo_g._tomaselliweborfMatch0.8

salvo_g._tomaselliweborfMatch0.9

salvo_g._tomaselliweborfMatch0.10

salvo_g._tomaselliweborfMatch0.11

salvo_g._tomaselliweborfMatch0.12

salvo_g._tomaselliweborfMatch0.12.1

CPENameOperatorVersion
salvo_g._tomaselli:weborfsalvo g. tomaselli weborfle0.12.2
salvo_g._tomaselli:weborfsalvo g. tomaselli weborfeq0.3
salvo_g._tomaselli:weborfsalvo g. tomaselli weborfeq0.4
salvo_g._tomaselli:weborfsalvo g. tomaselli weborfeq0.5
salvo_g._tomaselli:weborfsalvo g. tomaselli weborfeq0.6
salvo_g._tomaselli:weborfsalvo g. tomaselli weborfeq0.7
salvo_g._tomaselli:weborfsalvo g. tomaselli weborfeq0.8
salvo_g._tomaselli:weborfsalvo g. tomaselli weborfeq0.9
salvo_g._tomaselli:weborfsalvo g. tomaselli weborfeq0.10
salvo_g._tomaselli:weborfsalvo g. tomaselli weborfeq0.11

CPE	Name	Operator	Version
salvo_g._tomaselli:weborf	salvo g. tomaselli weborf	le	0.12.2
salvo_g._tomaselli:weborf	salvo g. tomaselli weborf	eq	0.3
salvo_g._tomaselli:weborf	salvo g. tomaselli weborf	eq	0.4
salvo_g._tomaselli:weborf	salvo g. tomaselli weborf	eq	0.5
salvo_g._tomaselli:weborf	salvo g. tomaselli weborf	eq	0.6
salvo_g._tomaselli:weborf	salvo g. tomaselli weborf	eq	0.7
salvo_g._tomaselli:weborf	salvo g. tomaselli weborf	eq	0.8
salvo_g._tomaselli:weborf	salvo g. tomaselli weborf	eq	0.9
salvo_g._tomaselli:weborf	salvo g. tomaselli weborf	eq	0.10
salvo_g._tomaselli:weborf	salvo g. tomaselli weborf	eq	0.11

Rows per page:

1-10 of 121

References

code.google.com/p/weborf/source/detail?r=464

galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.3

secunia.com/advisories/41286

www.exploit-db.com/exploits/14925/

www.openwall.com/lists/oss-security/2010/09/17/3

www.openwall.com/lists/oss-security/2010/09/17/8

www.osvdb.org/67840

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.4%

JSON

Related for CVE-2010-3306

nvd1 cvelist1 debiancve1 prion1 ubuntucve1