CVE-2011-2725

Published Feb 4, 2014

Last updated 6 years ago

Overview

Description: Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BCD40E7-772E-43D4-8078-FFAFEB8333EA",
            "versionEndIncluding": "2.17"
          },
          {
            "criteria": "cpe:2.3:a:kde:kde_sc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95C030CD-A25E-4613-B669-BBAD5B8BCF8D",
            "versionEndIncluding": "4.7.4"
          },
          {
            "criteria": "cpe:2.3:a:kde:kde_sc:4.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F1C09CE-7311-481E-8F8C-69563F05324F"
          },
          {
            "criteria": "cpe:2.3:a:kde:kde_sc:4.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CC222E8-A9F1-4397-BB06-165133DF8F95"
          },
          {
            "criteria": "cpe:2.3:a:kde:kde_sc:4.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8D50324-50BA-4E94-994E-8DEAAB4928FB"
          },
          {
            "criteria": "cpe:2.3:a:kde:kde_sc:4.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E880AA7A-5081-4FD0-890C-21BCEB1208D6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References