Lucene search

[email protected]CVE-2015-0906

HistoryApr 15, 2015 - 10:59 a.m.

CVE-2015-0906

2015-04-1510:59:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2015

0906

directory traversal

vulnerability

lhaplus

remote attackers

arbitrary files

crafted archive

nvd

7 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.003 Low

EPSS

Percentile

70.1%

JSON

Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive.

CPENameOperatorVersion
lhaplus:lhapluslhapluseq1.56
lhaplus:lhapluslhapluseq1.57
lhaplus:lhapluslhapluseq1.53
lhaplus:lhapluslhapluseq1.55
lhaplus:lhapluslhaplusle1.59
lhaplus:lhapluslhapluseq1.52

CPE	Name	Operator	Version
lhaplus:lhaplus	lhaplus	eq	1.56
lhaplus:lhaplus	lhaplus	eq	1.57
lhaplus:lhaplus	lhaplus	eq	1.53
lhaplus:lhaplus	lhaplus	eq	1.55
lhaplus:lhaplus	lhaplus	le	1.59
lhaplus:lhaplus	lhaplus	eq	1.52

References

jvn.jp/en/jp/JVN02527990/414318/index.html

jvn.jp/en/jp/JVN02527990/index.html

jvndb.jvn.jp/jvndb/JVNDB-2015-000050

www7a.biglobe.ne.jp/~schezo/

7 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.003 Low

EPSS

Percentile

70.1%

JSON

Related for CVE-2015-0906

jvn1 prion1 cvelist1