CVE-2004-2565

Опубликовано: 31 дек. 2004

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a ".." (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.

Ссылки

http://secunia.com/advisories/11748
Exploit
Vendor Advisory
http://securitytracker.com/id?1010353
Exploit
http://www.oliverkarow.de/research/sambar.txt
Exploit
http://www.osvdb.org/6585
Exploit
http://www.securityfocus.com/bid/10444
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/16287
http://secunia.com/advisories/11748
Exploit
Vendor Advisory
http://securitytracker.com/id?1010353
Exploit
http://www.oliverkarow.de/research/sambar.txt
Exploit
http://www.osvdb.org/6585
Exploit
http://www.securityfocus.com/bid/10444
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/16287

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sambar:sambar_server:6.1:beta2:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.07652

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-x6p9-5hpx-q6qq

github

почти 4 года назад

Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.