Lucene search

[email protected]CVE-2011-4431

HistoryNov 10, 2011 - 12:55 a.m.

CVE-2011-4431

2011-11-1000:55:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2011-4431

directory traversal

merethis centreon

security vulnerability

remote code execution

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.7%

JSON

Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a … (dot dot) in the command_name parameter.

Affected configurations

NVD

Node

merethiscentreonRange≤2.3.1

merethiscentreonMatch1.4

merethiscentreonMatch1.4.1

merethiscentreonMatch1.4.2

merethiscentreonMatch1.4.2.1

merethiscentreonMatch1.4.2.2

merethiscentreonMatch1.4.2.3

merethiscentreonMatch1.4.2.4

merethiscentreonMatch1.4.2.5

merethiscentreonMatch1.4.2.6

merethiscentreonMatch1.4.2.7

merethiscentreonMatch2.0b2

merethiscentreonMatch2.0b3

merethiscentreonMatch2.0b4

merethiscentreonMatch2.0b5

merethiscentreonMatch2.0b6

merethiscentreonMatch2.0rc1

merethiscentreonMatch2.0rc2

merethiscentreonMatch2.0rc3

merethiscentreonMatch2.0rc4

merethiscentreonMatch2.0rc5

merethiscentreonMatch2.0.1

merethiscentreonMatch2.0.2

merethiscentreonMatch2.1.0

merethiscentreonMatch2.1.1

merethiscentreonMatch2.1.2

merethiscentreonMatch2.1.3

merethiscentreonMatch2.1.4

merethiscentreonMatch2.1.5

merethiscentreonMatch2.1.6

merethiscentreonMatch2.1.7

merethiscentreonMatch2.1.8

merethiscentreonMatch2.1.9

merethiscentreonMatch2.1.10

merethiscentreonMatch2.1.11

merethiscentreonMatch2.1.12

merethiscentreonMatch2.1.13

merethiscentreonMatch2.2

merethiscentreonMatch2.2b1

merethiscentreonMatch2.2rc1

merethiscentreonMatch2.2rc2

merethiscentreonMatch2.2.1

merethiscentreonMatch2.2.2

merethiscentreonMatch2.3.0

merethiscentreonMatch2.3.0rc3

CPENameOperatorVersion
merethis:centreonmerethis centreonle2.3.1
merethis:centreonmerethis centreoneq1.4
merethis:centreonmerethis centreoneq1.4.1
merethis:centreonmerethis centreoneq1.4.2
merethis:centreonmerethis centreoneq1.4.2.1
merethis:centreonmerethis centreoneq1.4.2.2
merethis:centreonmerethis centreoneq1.4.2.3
merethis:centreonmerethis centreoneq1.4.2.4
merethis:centreonmerethis centreoneq1.4.2.5
merethis:centreonmerethis centreoneq1.4.2.6

CPE	Name	Operator	Version
merethis:centreon	merethis centreon	le	2.3.1
merethis:centreon	merethis centreon	eq	1.4
merethis:centreon	merethis centreon	eq	1.4.1
merethis:centreon	merethis centreon	eq	1.4.2
merethis:centreon	merethis centreon	eq	1.4.2.1
merethis:centreon	merethis centreon	eq	1.4.2.2
merethis:centreon	merethis centreon	eq	1.4.2.3
merethis:centreon	merethis centreon	eq	1.4.2.4
merethis:centreon	merethis centreon	eq	1.4.2.5
merethis:centreon	merethis centreon	eq	1.4.2.6

Rows per page:

1-10 of 321

References

securityreason.com/securityalert/8530

www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.7%

JSON

Related for CVE-2011-4431

cvelist1 nvd1 seebug1 prion1