Lucene search
HistoryDec 14, 2013 - 5:21 p.m.
CVE-2013-5107
cve
2013
5107
directory traversal
vulnerability
rockmongo
remote attackers
arbitrary files
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.9 Medium
AI Score
Confidence
Low
0.015 Low
EPSS
Percentile
87.1%
Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a … (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php.
Affected configurations
Node
rockmongorockmongoRange≤1.1.5
ORrockmongorockmongoMatch1.0
ORrockmongorockmongoMatch1.0.1
ORrockmongorockmongoMatch1.0.2
ORrockmongorockmongoMatch1.0.3
ORrockmongorockmongoMatch1.0.4
ORrockmongorockmongoMatch1.0.5
ORrockmongorockmongoMatch1.0.6
ORrockmongorockmongoMatch1.0.7
ORrockmongorockmongoMatch1.0.8
ORrockmongorockmongoMatch1.0.9
ORrockmongorockmongoMatch1.0.10
ORrockmongorockmongoMatch1.0.11
ORrockmongorockmongoMatch1.0.12
ORrockmongorockmongoMatch1.1.1
ORrockmongorockmongoMatch1.1.2
ORrockmongorockmongoMatch1.1.3
ORrockmongorockmongoMatch1.1.4
Related
nvd
nvd
CVE-2013-5107
2013-12-14 17:21:45
prion
prion
Directory traversal
2013-12-14 17:21:00
cvelist
cvelist
CVE-2013-5107
2013-12-14 17:00:00
openvas
openvas
RockMongo Cross Site Scripting and Directory Traversal Vulnerabilities
2013-12-24 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.9 Medium
AI Score
Confidence
Low
0.015 Low
EPSS
Percentile
87.1%
Related for CVE-2013-5107