Lucene search

[email protected]NVD:CVE-2013-3590

HistoryAug 28, 2013 - 1:09 p.m.

CVE-2013-3590

2013-08-2813:09:15

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.5%

JSON

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.

Affected configurations

NVD

Node

searchbloxsearchbloxRange≤7.5

searchbloxsearchbloxMatch6.2build_1

searchbloxsearchbloxMatch6.3build_1

searchbloxsearchbloxMatch6.4build_1

searchbloxsearchbloxMatch6.4build_2

searchbloxsearchbloxMatch7.0

searchbloxsearchbloxMatch7.1

searchbloxsearchbloxMatch7.2

searchbloxsearchbloxMatch7.3

searchbloxsearchbloxMatch7.4

References

buddhalabs.com/Advisories/WebAdvisories.html

www.kb.cert.org/vuls/id/592942

www.searchblox.com/developers-2/change-log

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.5%

JSON

Related for NVD:CVE-2013-3590

cve2 prion2 cvelist2 nvd1 openvas1 cert2