Directory traversal

2007-05-1720:30:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.5%

JSON

Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a … (dot dot) in the path parameter to the /browse URI.

CPENameOperatorVersion
rdiffwebeq0.2
rdiffweble0.3.5
rdiffwebeq0.3.2
rdiffwebeq0.3
rdiffwebeq0.3.1
rdiffwebeq0.1

Name	Operator	Version
rdiffweb	eq	0.2
rdiffweb	le	0.3.5
rdiffweb	eq	0.3.2
rdiffweb	eq	0.3
rdiffweb	eq	0.3.1
rdiffweb	eq	0.1

References

osvdb.org/36519

secunia.com/advisories/25368

www.rdiffweb.org/wiki/index.php?title=Roadmap

www.securityfocus.com/bid/24092

www.vupen.com/english/advisories/2007/1775

exchange.xforce.ibmcloud.com/vulnerabilities/33734

lists.berlios.de/pipermail/rdiffweb-discuss/2007-March/000100.html