Lucene search
Ubuntu.comUB:CVE-2008-4437HistoryOct 03, 2008 - 12:00 a.m.
CVE-2008-4437
2008-10-0300:00:00
ubuntu.com
ubuntu.com
17
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
0.006 Low
EPSS
Percentile
79.3%
Directory traversal vulnerability in importxml.pl in Bugzilla before
2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote
attackers to read arbitrary files via an XML file with a … (dot dot) in
the data element.
Notes
| Author | Note |
|---|---|
| jdstrand | per stefanlsd, Dapper not affected |
Related
cvelist
cvelist
CVE-2008-4437
2008-10-03 22:00:00
freebsd
freebsd
Bugzilla -- Directory Traversal in importxml.pl
2008-06-03 00:00:00
nessus
nessus
FreeBSD : Bugzilla -- Directory Traversal in importxml.pl (1d96305d-6ae6-11dd-91d5-000c29d47fd7)
2008-08-17 00:00:00
Fedora 10 : bugzilla-3.2.2-2.fc10 (2009-2417)
2009-04-23 00:00:00
Fedora 9 : bugzilla-3.2.2-2.fc9 (2009-2418)
2009-03-19 00:00:00
prion
prion
Directory traversal
2008-10-03 22:22:00
cve
cve
CVE-2008-4437
2008-10-03 22:22:45
openvas
openvas
FreeBSD Ports: bugzilla, ja-bugzilla
2008-09-04 00:00:00
FreeBSD Ports: bugzilla, ja-bugzilla
2008-09-04 00:00:00
Fedora Core 9 FEDORA-2009-2418 (bugzilla)
2009-03-20 00:00:00
nvd
nvd
CVE-2008-4437
2008-10-03 22:22:45
fedora
fedora
[SECURITY] Fedora 10 Update: bugzilla-3.2.2-2.fc10
2009-03-18 19:06:58
[SECURITY] Fedora 9 Update: bugzilla-3.2.2-2.fc9
2009-03-18 18:59:22
gentoo
gentoo
Bugzilla: Multiple vulnerabilities
2010-06-04 00:00:00
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
0.006 Low
EPSS
Percentile
79.3%
Related for UB:CVE-2008-4437