Описание
Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-1505
- https://github.com/Kozea/Radicale/pull/343
- https://github.com/Kozea/Radicale/commit/b4b3d51f33c7623d312f289252dd7bbb8f58bbe6
- http://www.openwall.com/lists/oss-security/2016/01/05/7
- http://www.openwall.com/lists/oss-security/2016/01/06/4
- http://www.openwall.com/lists/oss-security/2016/01/06/7
- http://www.openwall.com/lists/oss-security/2016/01/07/7
- http://www.securityfocus.com/bid/80255
Пакеты
Наименование
Radicale
pip
Затронутые версииВерсия исправления
< 1.1
1.1
Связанные уязвимости
CVSS3: 10
ubuntu
около 10 лет назад
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.
CVSS3: 10
nvd
около 10 лет назад
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.
CVSS3: 10
debian
около 10 лет назад
The filesystem storage backend in Radicale before 1.1 on Windows allow ...