Lucene search

[email protected]NVD:CVE-2015-0557

HistoryApr 08, 2015 - 6:59 p.m.

CVE-2015-0557

2015-04-0818:59:04

CWE-22

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.7%

JSON

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.

Affected configurations

NVD

Node

arj_softwarearj_archiverRange≤3.10.22

Node

fedoraprojectfedoraMatch20

fedoraprojectfedoraMatch21

fedoraprojectfedoraMatch22

References

lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html

www.debian.org/security/2015/dsa-3213

www.mandriva.com/security/advisories?name=MDVSA-2015:201

www.openwall.com/lists/oss-security/2015/01/03/5

www.openwall.com/lists/oss-security/2015/01/05/9

www.securityfocus.com/bid/71895

bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435

security.gentoo.org/glsa/201612-15

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.7%

JSON

Related for NVD:CVE-2015-0557

cve1 ubuntucve1 cvelist1 debiancve1 prion1 nessus8 freebsd1 fedora3 securityvulns2 osv2 openvas7 debian3 gentoo1 kaspersky1 mageia1