Lucene search
HistoryOct 11, 2013 - 10:55 p.m.
CVE-2013-4173
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.6
Confidence
Low
EPSS
0.008
Percentile
81.5%
Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a … (dot dot) in the host name in a “drophost” command.
Affected configurations
Node
xymonxymonRange≤4.3.1
ORxymonxymonMatch4.0
ORxymonxymonMatch4.0.1
ORxymonxymonMatch4.0.2
ORxymonxymonMatch4.0.3
ORxymonxymonMatch4.0.4
ORxymonxymonMatch4.1.0
ORxymonxymonMatch4.1.1
ORxymonxymonMatch4.1.2
ORxymonxymonMatch4.2.0
ORxymonxymonMatch4.2.2
ORxymonxymonMatch4.2.3
ORxymonxymonMatch4.3.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xymon | xymon | * | cpe:2.3:a:xymon:xymon:*:*:*:*:*:*:*:* |
| xymon | xymon | 4.0 | cpe:2.3:a:xymon:xymon:4.0:*:*:*:*:*:*:* |
| xymon | xymon | 4.0.1 | cpe:2.3:a:xymon:xymon:4.0.1:*:*:*:*:*:*:* |
| xymon | xymon | 4.0.2 | cpe:2.3:a:xymon:xymon:4.0.2:*:*:*:*:*:*:* |
| xymon | xymon | 4.0.3 | cpe:2.3:a:xymon:xymon:4.0.3:*:*:*:*:*:*:* |
| xymon | xymon | 4.0.4 | cpe:2.3:a:xymon:xymon:4.0.4:*:*:*:*:*:*:* |
| xymon | xymon | 4.1.0 | cpe:2.3:a:xymon:xymon:4.1.0:*:*:*:*:*:*:* |
| xymon | xymon | 4.1.1 | cpe:2.3:a:xymon:xymon:4.1.1:*:*:*:*:*:*:* |
| xymon | xymon | 4.1.2 | cpe:2.3:a:xymon:xymon:4.1.2:*:*:*:*:*:*:* |
| xymon | xymon | 4.2.0 | cpe:2.3:a:xymon:xymon:4.2.0:*:*:*:*:*:*:* |
Related
securityvulns
securityvulns
[ MDVSA-2013:213 ] xymon
2013-09-09 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0243)
2022-01-28 00:00:00
debiancve
debiancve
CVE-2013-4173
2013-10-11 22:55:39
cvelist
cvelist
CVE-2013-4173
2013-10-11 22:00:00
cve
cve
CVE-2013-4173
2013-10-11 22:55:39
nessus
nessus
Mandriva Linux Security Advisory : xymon (MDVSA-2013:213)
2013-08-14 00:00:00
mageia
mageia
Updated xymon package fixes security vulnerability.
2013-08-11 16:20:08
prion
prion
Directory traversal
2013-10-11 22:55:00
ubuntucve
ubuntucve
CVE-2013-4173
2013-10-11 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.6
Confidence
Low
EPSS
0.008
Percentile
81.5%
Related for NVD:CVE-2013-4173