CVE-2010-3306

Published Sep 24, 2010

Last updated 14 years ago

Overview

Description: Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.
Source: secalert@redhat.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-22

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBC7CD4E-E756-47F1-8F33-167C7C2D5E33",
            "versionEndIncluding": "0.12.2"
          },
          {
            "criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6650A16B-CFBF-4C86-B01F-CCDEA7E4F4F4"
          },
          {
            "criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B789AE33-D621-4DFB-8C8D-66530B91C953"
          },
          {
            "criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94D66BF6-15A7-4E07-8AD9-F6E6C0B178D9"
          },
          {
            "criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "543DFE13-2B57-4BDB-93AF-FABFC3BEBB6E"
          },
          {
            "criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "639D8DC1-3244-405F-8FFB-CE39956F6045"
          },
          {
            "criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3936329-9F69-4B0B-B26F-F9648D3C0D66"
          },
          {
            "criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CEB6737-5814-4C64-A5D7-19ED85658A5B"
          },
          {
            "criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31BF56FB-C471-4E39-949B-29D811323FE5"
          },
          {
            "criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87C00E1D-EBC7-41BA-95D1-6B3C0DB9EDD0"
          },
          {
            "criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0A3CEAE-1E2D-41E7-8E31-A0CBCE418BC9"
          },
          {
            "criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "638B2EDA-2381-473B-A6DF-3E9891BA7FE8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References