CVE-2009-3902

Опубликовано: 06 нояб. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /.. (slash backslash dot dot) in the URL.

Ссылки

http://freetexthost.com/ncyss3plli
Exploit
URL Repurposed
http://osvdb.org/59588
Exploit
http://pocoftheday.blogspot.com/2009/10/cherokee-web-server-054-directory.html
Exploit
http://secunia.com/advisories/37183
Vendor Advisory
http://www.securityfocus.com/bid/36874
Exploit
http://www.vupen.com/english/advisories/2009/3091
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54024
http://freetexthost.com/ncyss3plli
Exploit
URL Repurposed
http://osvdb.org/59588
Exploit
http://pocoftheday.blogspot.com/2009/10/cherokee-web-server-054-directory.html
Exploit
http://secunia.com/advisories/37183
Vendor Advisory
http://www.securityfocus.com/bid/36874
Exploit
http://www.vupen.com/english/advisories/2009/3091
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54024

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:cherokee:cherokee_httpd:0.5.4:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.07272

Низкий

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2009-3902

debian

больше 16 лет назад

Directory traversal vulnerability in Cherokee Web Server 0.5.4 and ear ...

GHSA-7vcp-8q92-r6jf

github

почти 4 года назад

Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL.