CVE-2012-0907

2012-01-2017:55:02

CWE-22

[email protected]

web.nvd.nist.gov

cve

2012

0907

directory traversal

vulnerability

neoaxis

web player

remote attack

zip archive

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.2%

JSON

Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a … (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive.

Affected configurations

NVD

Node

neoaxisneoaxis_web_playerRange≤1.4

neoaxisneoaxis_web_playerMatch1.1

neoaxisneoaxis_web_playerMatch1.2

neoaxisneoaxis_web_playerMatch1.3

CPENameOperatorVersion
neoaxis:neoaxis_web_playerneoaxis neoaxis web playerle1.4
neoaxis:neoaxis_web_playerneoaxis neoaxis web playereq1.1
neoaxis:neoaxis_web_playerneoaxis neoaxis web playereq1.2
neoaxis:neoaxis_web_playerneoaxis neoaxis web playereq1.3

CPE	Name	Operator	Version
neoaxis:neoaxis_web_player	neoaxis neoaxis web player	le	1.4
neoaxis:neoaxis_web_player	neoaxis neoaxis web player	eq	1.1
neoaxis:neoaxis_web_player	neoaxis neoaxis web player	eq	1.2
neoaxis:neoaxis_web_player	neoaxis neoaxis web player	eq	1.3