CVE-2008-0396

Published Jan 23, 2008

Last updated 6 years ago

CVSS info 7.8

Overview

Description: Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bitdefender:update_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E81A03E-FA83-4446-9DB1-F7F8656004F7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2008-0396
http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/
http://secunia.com/advisories/28578
http://securityreason.com/securityalert/3568
http://www.oliverkarow.de/research/bitdefender.txt
http://www.securityfocus.com/archive/1/486701/100/0/threaded
http://www.securityfocus.com/bid/27358
http://www.vupen.com/english/advisories/2008/0213
https://exchange.xforce.ibmcloud.com/vulnerabilities/39802

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References