Lucene search

[email protected]NVD:CVE-2010-2104

HistoryMay 27, 2010 - 10:30 p.m.

CVE-2010-2104

2010-05-2722:30:02

CWE-22

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.

Affected configurations

NVD

Node

orbitdownloaderorbit_downloaderMatch3.0.0.4

orbitdownloaderorbit_downloaderMatch3.0.0.5

References

secunia.com/advisories/39527

secunia.com/secunia_research/2010-73/

www.securityfocus.com/archive/1/511348/100/100/threaded

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

Related for NVD:CVE-2010-2104

cve1 openvas2 prion1 cvelist1