CVE-2008-4437
Published Oct 3, 2008
Last updated 7 years ago
Overview
- Description
- Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.1
- Impact score
- 6.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8112FF13-B4CE-4DC7-85B1-C69D975F162B"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86F5A3CA-E4A6-4E51-AC83-0C8F3E5E2C4E"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6E5E379-D475-42F3-B0DC-3D04C1D25566"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A3B3EF74-4784-47A7-8994-21EF489F4008"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.22.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5177876-0FEC-481B-815F-84AF53968644"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.22.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC38566A-07F1-4F21-BAC1-259F844DC15C"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.22.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE1684B8-3060-4139-BC06-707F27A05958"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.22.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF32C74C-3EA3-4E1F-BADA-BB4A92068266"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.23:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02846865-D124-4C72-85C8-59A7C6F43E2E"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.23.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99B59422-ED6E-4F82-8D0C-091058D1C438"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.23.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F658844A-6253-4A18-8A5D-1E818BE7A367"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.23.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4753AB35-B95C-4544-A874-5E6D83929AC1"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.23.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4880D54-CA42-4CCA-B01E-2C125002BF5C"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80EBAA09-F2C8-445E-8E3A-B5F937E1B1E2"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "585F05F2-B294-4218-9209-C487B4D2994B"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3246890-8D66-474F-AC9C-BC556426467D"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7090332F-4CC2-4ADD-AEEC-75238BCA55CC"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F960BE59-05B1-4438-A854-279612E13A7B"
}
],
"operator": "OR"
}
]
}
]